HTTPS

11 posts, 0 answers
  1. Kevin
    Kevin avatar
    112 posts
    Member since:
    Jul 2011

    Posted 08 Jun 2012 Link to this post

    I notice on our encrypted site when we use kendo controls, the sprites and things are calling non-https cdn resources. Can we get these to come from a https location so it doesn't lower the trust level displayed in browsers?
    Our site has asp.net mvc 3 platform and has an expensive ssl setup to show the user an EV trust seal but when we use kendo controls we lose it because the page is "partially encrypted" at that point. In IE the whole padlock seal goes away all together.

    http://cdn.kendostatic.com/2012.1.322/styles/Default/sprite.png    etc...

    We use the web.all.js file... I would personally prefer to host the images and not have it call a cdn, but if that isn't an option... could there maybe an option to pass the js file a query string or something so it will call https resources?

    I understand the benefits cdn's can bring, epecially for files like jquery where ,millions of sites have it and most browsers/cpu's would have it cached, but in our case we would prefer to house the files ourselves... and not have to break into the web.all.js scripts to do it too if possible.
  2. Jeremy
    Jeremy avatar
    56 posts
    Member since:
    Nov 2011

    Posted 09 Jun 2012 Link to this post

    http://www.kendoui.com/documentation/javascript-dependencies.aspx 


    CDN

    The minified versions of all JavaScript files (except jQuery) are also available via CDN

    http://cdn.kendostatic.com/<version>/js/<filename>.min.js 

    e.g. http://cdn.kendostatic.com/2011.3.1129/js/kendo.all.min.js

    Important: in order to use HTTPS at this point, you need to directly access the CloudFront CDN:
    https://da7xgjtj801h2.cloudfront.net/<version>/js/<filename>.min.js 
  3. Kevin
    Kevin avatar
    112 posts
    Member since:
    Jul 2011

    Posted 15 Jun 2012 Link to this post

    Thanks Jeremy for your input, we do host our copies of the framework so it isn't a js cdn issue after all.

    Since we host our kendo js it is all https, however I now realized we are using some themebuilder CSS which has static references to some http cdn images. We ended up downloading the images to our server and changed the CSS file to local relative references and we are now running 100% https.

    I would say it may worth suggesting the kendo css themebuider have an https option maybe... ??
  4. Joshua
    Joshua avatar
    69 posts
    Member since:
    May 2012

    Posted 16 Jun 2012 Link to this post

    Do we know when there will be a https cdn besides cloudfront?
  5. John
    John avatar
    24 posts
    Member since:
    Nov 2011

    Posted 09 Jul 2012 Link to this post

    OK, are we saying you hardcode the HTTP into the URL? WHY? Can't you just put in the root based path and let the server handle the HTTP/HTTPS on it's own?

    Will there be a patch/fix for this soon?
  6. Kevin
    Kevin avatar
    112 posts
    Member since:
    Jul 2011

    Posted 09 Jul 2012 Link to this post

    John,
    If you host the js files yourself (on your local or web server) yes the server will take care of the http/https... it is the CDN (hosted by telerik servers) that was the concern.  Our issue ended up actually being a CSS file (from telerik's themebuilder) that had a "hardcoded" reference to non-https images to CDN images (hosted by telerik servers). So if you reference any non-https resources the browsers will no longer verify encryption and in some cases even stop the page from loading and display errors to users... yuk... Downloading the images and changing the CSS allows anyone to do https with custom CSS (optional) and not have to do any hard coding.
  7. Joshua
    Joshua avatar
    69 posts
    Member since:
    May 2012

    Posted 16 Jul 2012 Link to this post

    Is there  plan to get https matching resources, so i only need to switch the protocols for my reference?

    My plan was just to use the https versions of everything, even on my http site, but it looks like the editor makes a call back somewhere which causes a permission denied in IE.

    So now, I need to actually construct URL's based on the protocol.
  8. Atanas Korchev
    Admin
    Atanas Korchev avatar
    8462 posts

    Posted 17 Jul 2012 Link to this post

    Hi guys,

     The Telerik CDN is hosted on Amazon CloudFront. The latter currently does not support CNAMEs in HTTPS mode. More info can be found in their documentation: http://docs.amazonwebservices.com/AmazonCloudFront/latest/DeveloperGuide/CNAMEs.html 

     This is the reason why the CDN assets have different URL depending on the protocol.

     As a workaround you can avoid using the CNAME version at all. So you can only include 

    //da7xgjtj801h2.cloudfront.net/2012.2.710/js/kendo.all.min.js 

    In HTTP this would include 
    http://da7xgjtj801h2.cloudfront.net/2012.2.710/js/kendo.all.min.js 

    and in HTTPS it would include
    https://da7xgjtj801h2.cloudfront.net/2012.2.710/js/kendo.all.min.js

    Regards,
    Atanas Korchev
    the Telerik team
    Join us on our journey to create the world's most complete HTML 5 UI Framework - download Kendo UI now!
  9. Joshua
    Joshua avatar
    69 posts
    Member since:
    May 2012

    Posted 17 Jul 2012 Link to this post

    maybe i should know this, but I don't know how i should just specify 
    //da7xgjtj801h2.cloudfront.net/2012.2.710/js/kendo.all.min.js  

    as a url for javascript
  10. Alex Gyoshev
    Admin
    Alex Gyoshev avatar
    2527 posts

    Posted 18 Jul 2012 Link to this post

    <script src="//da7xgjtj801h2.cloudfront.net/2012.2.710/js/kendo.all.min.js"></script>

    More information can be found in the following article.

    Kind regards,
    Alex Gyoshev
    the Telerik team
    Join us on our journey to create the world's most complete HTML 5 UI Framework - download Kendo UI now!
  11. Ray
    Ray avatar
    8 posts
    Member since:
    Jan 2013

    Posted 11 Jul 2013 Link to this post

    A resurrection so I apologize, but:

    We had the same problem as Zack recently, where the kendo control was accessing the CDN even though all of our resources were being hosted locally.

    The issue was that themebuilder contained static HTTP references to the CDN. I ended up chasing ghosts for several hours until I came across this.

    Themebuilder either needs to use a protocol agnostic format, or allow the user to select HTTPs manually.

    Hopefully this helps others.

    Cheers,

    Ray
Back to Top