Note things like "http:///css/linaro.css" (I didn't even think it's valid URL). In linaro-license-protection/templates/header.html we have:
href="{% if request.is_secure %}https{% else %}http{% endif %}://{{ request.get_host }}/css/linaro.css"
apparently, that's too complicated and not going to work - SSL is served by frontend web server, if our app is proxied, it won't get any chance to know if it's behind SSL.
href="/css/linaro.css"
should be well enough, and that's first change I'd propose to do.
Actually, I see even worse situation:
[blocked] The page at https:/ /snapshots. linaro. org/quantal/ restricted/ integrated- big.little- fastmodels/ 1 ran insecure content from http:// resources/ css/ext- all.css. /snapshots. linaro. org/quantal/ restricted/ integrated- big.little- fastmodels/ 1 ran insecure content from http:// www.linaro. org/remote/ css/init. css. /snapshots. linaro. org/quantal/ restricted/ integrated- big.little- fastmodels/ 1 ran insecure content from http:// www.linaro. org/remote/ css/remote. css. /snapshots. linaro. org/quantal/ restricted/ integrated- big.little- fastmodels/ 1 ran insecure content from http:// www.linaro. org/remote/ js/linarofamily .js. /snapshots. linaro. org/quantal/ restricted/ integrated- big.little- fastmodels/ 1 ran insecure content from http:// js/jquery- 1.7.2.js. /snapshots. linaro. org/quantal/ restricted/ integrated- big.little- fastmodels/ 1 ran insecure content from http:// js/jquery- ui-1.8. 23.custom. min.js. /snapshots. linaro. org/quantal/ restricted/ integrated- big.little- fastmodels/ 1 ran insecure content from http:// css/jquery- ui/jquery- ui-1.8. 23.custom. css. /snapshots. linaro. org/quantal/ restricted/ integrated- big.little- fastmodels/ 1 ran insecure content from http:// css/linaro. css.
[blocked] The page at https:/
[blocked] The page at https:/
[blocked] The page at https:/
[blocked] The page at https:/
[blocked] The page at https:/
[blocked] The page at https:/
[blocked] The page at https:/
Note things like "http:// /css/linaro. css" (I didn't even think it's valid URL). In linaro- license- protection/ templates/ header. html we have:
href="{% if request.is_secure %}https{% else %}http{% endif %}://{{ request.get_host }}/css/linaro.css"
apparently, that's too complicated and not going to work - SSL is served by frontend web server, if our app is proxied, it won't get any chance to know if it's behind SSL.
href="/ css/linaro. css"
should be well enough, and that's first change I'd propose to do.