Opened 7 years ago

Last modified 7 years ago

#16987 confirmed New Feature

Improved Support for Secure Content

Reported by: Steve James Owned by:
Priority: Normal Milestone:
Component: UI : Dialogs Version:
Keywords: Cc:


Thank you for all of your hard work. I am the current volunteer developer of a hybrid content management system, email list server, and free website provider called FreeToastHost that is made for and used by over 11,000 non-profit Toastmasters public speaking clubs worldwide. The system creates websites from a custom template that we merge each club's custom content into. The system depends extensively on CKEditor for content editing and I always make sure that I give credit for the editor where credit is due. (e.g., not my creation)

Because all the recent updates to our system are the result of me contributing a lot of my spare time, some things have lagged behind other systems a bit. Case In Point: Implementation of full HTTPS support. We are making headway on that, but we are bumping up against mixed content issues for the content that our users create via CKEditor.

While I certainly do post-processing where I can to address insecure URLs entered for photos, iframes, etc., it has occurred to me that it would be very helpful if CKEditor could also help with this. This is becoming more and more important and browsers are now starting to flag insecure pages and content more aggressively.

What I am thinking is maybe some additional settings to prevent explicit http:// URLs from being specified in the relevant dialogs. It would be good if there were individual settings for photos, iframe, links, etc. E.g. something like PreventInsecurePhotos, PreventInsecureIframes, PreventInsecureLinks, etc.

Additionally, it would be helpful if the Advanced Content Filtering could be used to filter out insecure content. This would address insecure content that already exists.

If I am missing some way that already exists to do this, then I certainly am sorry for imposing on your time, and I thank you for your consideration.

Change History (1)

comment:1 Changed 7 years ago by Jakub Ś

Keywords: Dialogs HTTPS ACF Insecure Content removed
Status: newconfirmed
Version: 4.7.0 (GitHub - major)

The easiest and best solution is changing http to https on the server. You might however get into problems where https is not available.

I'm confirming this ticket but to be honest there is no way for us to take care of this now or in the near future. The only thing I can recommend is that you try creating a plugin and add to add-ons page or a pull-request (which modifies all 3 dialogs) and try to submit it!/guide/dev_contributing_code

Note: See TracTickets for help on using tickets.
© 2003 – 2022, CKSource sp. z o.o. sp.k. All rights reserved. | Terms of use | Privacy policy