https is not secure because of unsecure link in Android Mobile Template

roelof · May 7, 2020, 8:07pm

Hi,

In my production website I got reported that the site is insecure. Investigation learned me that the link to a background image from the scriptcase_Android_Dark CSS contained the following definition.

.scMenuHTableCssAlt{
background-image:url("/scriptcase/devel/conf/scriptcase/img/menu_img/theme_menu_mainbk_1.png");background-color:#333;background-repeat:repeat-x;
}

The path /scriptcase/devel/conf/scriptcase does not exist in my production enviroment.Should this not be a link to the _lib/css folder in production ?

Thanks
Roelof

aducom · May 7, 2020, 9:01pm

It depends how and where you have set this reference. If you have set it by yourself then SC will not be able to change that. If it has been a result of a generation then there’s a bug as there is no devel directory in production.

roelof · May 7, 2020, 9:01pm

Thanks Albert,

The template is a default one from SC, no changes. All the other links in the template are relative.
So it has been a result from generation indeed. I think development missed one here. No problem there. A fix would be very nice.
The template exists in _lib\css_menu_Theme, Same problem in other projects.

The other css references are relative: background-image:url(’…/…/img/theme_menu_arrowsub_1.png’)
This one is different : background-image:url("/scriptcase/devel/conf/scriptcase/img/menu_img/theme_menu_mainbk_1.png");
Easy to change, but there are a lot of instances of this code.

Roelof