I'm developing a site for a small business. It has a section for users to log in and do stuff, so i want that encrypted. I don't care if everything else is encrypted or not, it's not critical - yet it would be useful and i might as well get the certificate's worth (since it's not easy to make a user install a selfCA).
So i made a self-signed certificate[1] and set 'base_url' => 'https://192.0.2.33/', but i'd like to serve images via HTTP[2]. My approach ended up being to change the assets' config to 'url' => 'http://192.0.2.33/assets/', which has a few issues:
both scheme and host are hard-coded
all assets are served via HTTP, not just images - which causes browsers (at least Firefox) to block active content
images are no longer served with timestamp, even though i have 'add_mtime' => true
So, do you guys have any (technical) suggestions to only serve images via HTTP? I've also been fiddling with setting the webserver to redirect image requests to HTTP, but i'd rather keep it at the application level.
Sorry if i hurt some thin-skinned feelings somehow, this is my first post.
P.S. the superscript doesn't render as such in the preview (or in the final post) and the preview blocks the whole page - if there's a close button i didn't see it and had to repost.
1 all of this relates to my dev environment. On a site note, can i have other config files in app/config/(development|production|...), other than db? 2 the reason being while i'm ok with the overhead of encrypting text files, even though they're not critical; i don't see the point with the overhead of encrypting images. Yes, computers are ever more powerful but i don't like that argument and the user base for this site is very diverse.
Donate
