XPages ressources in a theme – http vs. https

I am at the moment moving a site from standard http to https (using Nginx as a proxy in front of Domino – but that is a different story). However, I did run into a small issue. When I looked at the console in Google Chrome this message appeared:

index.xsp:6 Mixed Content: The page at ‘https://www.fiskogtast.dk/fangst.nsf/index.xsp’ was loaded over HTTPS, but requested an insecure stylesheet ‘http://fonts.googleapis.com/css?family=Actor’. This request has been blocked; the content must be served over HTTPS.

… and when looking at my theme I found this:

<resource>
<content-type>text/css</content-type>
<href>http://fonts.googleapis.com/css?family=Actor</href>
</resource>

… and well, yes I had not taken into account that I was going to run SSL when adding that reference a while back. But I have taken on a new habit since then – now I use “protocol relative” urls. That is basically the same that we do when specifying “/db.nsf/…” in our apps as “domain relative” urls. So in this example I could use //fonts.googleapis.com/css?family=Actor. So I changed the href accordingly and refreshed my XPage….

But this did not do what I expected. Now the reference to the external resource was concatenated into an internal reference:

<link rel=”stylesheet” type=”text/css” href=”/fangst.nsf/xsp/.ibmmodres/.css/DTUAqua.css&amp;%2Ffonts.googleapis.com%2Fcss%3Ffamily%3DActor”>

I tried to disable “Use runtime optimized Javascript and CSS resources” in the XSP properties – but didn’t seem to make a huge difference…

So I did a little more ressource and found (via this link by intec) that you can use the rendered attribute on a resource tag in a theme. So I ended up with this (not so elegant) solution -that seems to work fine:

<resourcerendered=“${javascript:context.getUrl().getScheme() != ‘https’}”>
<content-type>text/css</content-type>
<href>http://fonts.googleapis.com/css?family=Actor</href>
</resource>

<resourcerendered=“${javascript:context.getUrl().getScheme() == ‘https’}”>
<content-type>text/css</content-type>
<href>https://fonts.googleapis.com/css?family=Actor</href>
</resource>

Happy coding!

3 Responses to XPages ressources in a theme – http vs. https

    • Ahhh…. yes – thought I had seen something along those lines before – could have been yours. But couldn’t find it now. One small suggestion though, you should really use “${…}” instead of “#{…}” to minimize the calculation of the formula. The real problem I find is that you cannot use a protocol relative url….