CKEditor with SCAYT over HTTPS gives Security Warning

Question

I've got a CKEditor WYSIWYG text and HTML editor control on an HTTPS/SSL web page. I just today enabled the SCAYT (spell check as you type) feature and now see a Security Warning when the page loads.

It seems to be caused by these four files:

• http://svc.spellchecker.net/spellcheck31/lf/scayt/_base.xd.js
• http://svc.spellchecker.net/spellcheck31/lf/scayt/nls/caption.xd.js
• http://svc.spellchecker.net/spellcheck31/lf/scayt/lang_list.js
• http://svc.spellchecker.net/spellcheck31/lf/scayt/resources/blank.gif

I found a Ticket #4065 for this issue. SpellChecker.net reportedly corrected the problem from their end 12 days ago.

Why do I still see the warning form my web site?

Clarification

Those file names don't appear anywhere in my source code.

Answer 1

Why do I still see the warning form my web site?

Probably because you are still making http requests from a https page - why that is, I don't know though, from the bug it looks like CKEditor will switch protocols automatically. You didn't hard-code those four addresses you list above?

Answer 2

You are getting the warning because the scripts are not being loaded via a ssl link (https) just regular http.

I tried fetching the first script manually via ssl in my browser, and it seems to work fine.

I don't have any direct experience with this component, but I assume those lines were automatically generated. If so, there should be a setting somewhere to enable ssl, or it should be auto-detected by the script.

If you added the lines manually then replace the http:// wth https://, then it should stop giving you the warning message.

Answer 3

The problem is resolved on SpellChecker.net side