Love Fuel?    Donate

FuelPHP Forums

Ask your question about FuelPHP in the appropriate forum, or help others by answering their questions.
Mixed content
  • Hello fueled world.

    I'm developing a site for a small business.
    It has a section for users to log in and do stuff, so i want that
    encrypted. I don't care if everything else is encrypted or not, it's not
    critical - yet it would be useful and i might as well get the
    certificate's worth (since it's not easy to make a user install a
    selfCA).

    So i made a self-signed certificate[1] and set 'base_url'  => 'https://192.0.2.33/', but i'd like to serve images via HTTP[2]. My approach ended up being to change the assets' config to 'url' => 'http://192.0.2.33/assets/', which has a few issues:
    • both scheme and host are hard-coded
    • all assets are served via HTTP, not just images - which causes browsers (at least Firefox) to block active content
    • images are no longer served with timestamp, even though i have 'add_mtime' => true
    So,
    do you guys have any (technical) suggestions to only serve images via
    HTTP? I've also been fiddling with setting the webserver to redirect
    image requests to HTTP, but i'd rather keep it at the application level.

    Sorry if i hurt some thin-skinned feelings somehow, this is my first post.

    P.S. the superscript doesn't render as such in the preview (or in the final post) and the preview blocks the whole page - if there's a close button i didn't see it and had to repost.


    1
    all of this relates to my dev environment. On a site note, can i have
    other config files in app/config/(development|production|...), other
    than db?
    2 the reason being while i'm ok with the overhead
    of encrypting text files, even though they're not critical; i don't see
    the point with the overhead of encrypting images. Yes, computers are
    ever more powerful but i don't like that argument and the user base for
    this site is very diverse.
  • 1. Yes, environment config is supported for all config files.

    As to the other question, I would have to look into that.
  • HarroHarro
    Accepted Answer
    You need to use different Asset instances for this, one configured for http, one for https. You can have a different config for both.

    Don't forget that in most cases, the static interface is just a front for the default instance,

    Asset::js()

    is the same as

    Asset::instance()->js();
  • Yup, fixed it with

    \Asset::instance('nameOfInstance')->img(...

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

In this Discussion