Force HTTPS description text

[bjarnef]

The description text says:

Force all Google Map requests to use HTTPS protocol, even if the Umbraco instance is running on HTTP. Only relevant when Umbraco is running on HTTP

Terratype/src/Terratype.nuget/App_Plugins/Terratype.GoogleMapsV3/Lang/en-us.xml

Line 150 in abcf3c7

<key alias="httpsDescription">Force all Google Map requests to use HTTPS protocol, even if the Umbraco instance is running on HTTP. Only relevant when Umbraco is running on HTTP</key>

It should be

Only relevant when Umbraco is running on HTTPS

When the Umbraco instance is running on HTTP, you can always load external requests via HTTP and HTTPS, but when the Umbraco instance is configurated to run over HTTPS, external requests should also be loaded via HTTPS, otherwise you will get warnings in console about mixed Content: https://developers.google.com/web/fundamentals/security/prevent-mixed-content/fixing-mixed-content

[Joniff]

Hi Bjarne,

I believe you have misunderstand what the words say, but to make sure we don't end up going down a cul-de-sac your last statement about requesting HTTP resources when running in a HTTPS session is correct. But this message, and the corresponding boolean value / checkbox is about the opposite situation, when you are running in a HTTP protocol, and not about HTTPS at all.

I'll try and state what it is doing, and then we can work how I can make my words less confusing.

1. If you don't enable the flag (checkbox is unclicked), then all requests happen using the same protocol that Umbraco uses. Technically it is using the domain '//maps.google.com/' - so when Umbraco is using HTTP then all requests use HTTP, and when Umbraco is using HTTPS it will use HTTPS for all requests to maps.google.com, because obviously no protocol has been set, the default protocol will be used.

2. If you set the checkbox (checkbox is clicked), it adds HTTPS to the start of all requests. So it uses the domain 'https://maps.google.com'. This setting of HTTPS is independent of what protocol Umbraco is using.

So the statement:-

Force all Google Map requests to use HTTPS protocol

Is correct, set the checkbox and the code adds 'https' to all requests. and..

Only relevant when Umbraco is running on HTTP

Is also correct, because when you are running Umbraco on HTTPS, it doesn't matter what you do with the checkbox, set or unset all the requests will use HTTPS regardless. So to repeat, this checkbox is only relevant when Umbraco is running on HTTP, because its irrelevant what you do with the checkbox when you are running on HTTPS

To confirm: There is no checkbox, to make requests happen over HTTP when you are running Umbraco via HTTPS, because of that exact problem of (https://developers.google.com/web/fundamentals/security/prevent-mixed-content/fixing-mixed-content).

Cheers

Jonathan

ps. When using GCJ-02 coordinate system, all requests happen over 'http://maps.google.cn', there is no https version of that server due to restrictions in China. I suspect users, who require that functionality, will have to adapt to facts-on-the-ground.

[bjarnef]

Okay, I thought the config option was specifying whether to add http or https to the request url. But when using protocol less url, it makes sense it only is relevant to HTTP.

[Joniff]

Cool, though I agree with you. I'm not 100% happy with my choice of text, I agree it doesn't naturally flow, that its obvious to anyone reading it what it means. Hell I had to write a big paragraph, just to explain it.

Maybe adding that its protocol-less might be a good idea.

Cheers for this.

ps. Were you looking through he language file, because you were thinking about translating to another language ? Because that would be super cool, if you were giving it a thought.