views:

497

answers:

5

I'm using YUI on my site. It works fine with no errors when you access over HTTP. However, when IE users access the site over HTTPS they get the dreaded "this page contains secure and nonsecure items" error message, which makes it really close to unusable.

I'm hosting the YUI files, so they're getting served up over HTTPS, but in the CSS file, it's referencing an image file over HTTP still which causes the IE error message to appear:

background:url(http://yui.yahooapis.com/2.7.0/build/assets/skins/sam/sprite.png)

Any suggestions for suppressing this error? There are a ton of HTTP links referenced in the CSS.

+1  A: 

You are going to have to change the links to go over HTTPS. I don't know if the YUI server at yahoo allows this (or you can host them yourself and redirect the css file to point to your server), but it's the only way to get rid of the message.

Kevin
do you know if there's a utility to mirror every image that's referenced in a CSS file?
Dave
+1  A: 

referencing assets from no secure urls is going to throw this warnings. SSL requires everything to be served from secure urls. Either host the files locally, or see if yahoo offers a secure option of the source files.

Aliixx
A: 

Hosting everything on your side and using relative URLs are generally the best options for not facing any problems with SSL.

I suggest you download that file, host it on your side and not use any absolute (http or https) URLs.

Danny Maya
+5  A: 

Go to http://developer.yahoo.com/yui/2/ & download the full developer kit, copy the build folder to wherever you want YUI to be hosted. Do a global search/replace in your YUI CSS for

http://yui.yahooapis.com/2.7.0/build/

and replace it with the path of the YUI build folder on your site. I'm assuming you grabbed the combined CSS from the YUI dependency tool & you don't need, so that's the easiest way to convert that.

Tivac
grr - anyone know if a change was made in YUI 3 for this situation?
Simon_Weaver
This requires that you use an absolute path to your YUI build folder - annoying if your site root is different in development and production.
Gabe Moothart
Combining this answer with a previous one, you could search/replace `http://yui.yahooapis.com/2.7.0/build/` with the corresponding https google CDN
Gabe Moothart
+3  A: 

If you wish to use hosted files, you can choose between Yahoo and Google Content Delivery Networks. Yahoo's network supports combo-handling; Google's supports SSL.

Check out the YUI Dependency Configurator

Select Google as your CDN and change the base url to https://

Tim Mays
ha awesome. for anyone for whom this isnt obvious that quote comes from the yahoo page itself for YUI 2. no mention [yet] on YUI 3 page about using SSL either with or without google
Simon_Weaver
A disadvantage to this is that Google doesn't support the rollup files that the Yahoo CDN uses. Also files are updated in Yahoo's CDN sooner than Google's.
Gabe Moothart