I notice on our encrypted site when we use kendo controls, the sprites and things are calling non-https cdn resources. Can we get these to come from a https location so it doesn't lower the trust level displayed in browsers?
Our site has asp.net mvc 3 platform and has an expensive ssl setup to show the user an EV trust seal but when we use kendo controls we lose it because the page is "partially encrypted" at that point. In IE the whole padlock seal goes away all together.
http://cdn.kendostatic.com/2012.1.322/styles/Default/sprite.png etc...
We use the web.all.js file... I would personally prefer to host the images and not have it call a cdn, but if that isn't an option... could there maybe an option to pass the js file a query string or something so it will call https resources?
I understand the benefits cdn's can bring, epecially for files like jquery where ,millions of sites have it and most browsers/cpu's would have it cached, but in our case we would prefer to house the files ourselves... and not have to break into the web.all.js scripts to do it too if possible.
Our site has asp.net mvc 3 platform and has an expensive ssl setup to show the user an EV trust seal but when we use kendo controls we lose it because the page is "partially encrypted" at that point. In IE the whole padlock seal goes away all together.
http://cdn.kendostatic.com/2012.1.322/styles/Default/sprite.png etc...
We use the web.all.js file... I would personally prefer to host the images and not have it call a cdn, but if that isn't an option... could there maybe an option to pass the js file a query string or something so it will call https resources?
I understand the benefits cdn's can bring, epecially for files like jquery where ,millions of sites have it and most browsers/cpu's would have it cached, but in our case we would prefer to house the files ourselves... and not have to break into the web.all.js scripts to do it too if possible.
10 Answers, 1 is accepted
0
Jeremy
Top achievements
Rank 1
Rank 1
answered on 10 Jun 2012, 03:36 AM
http://www.kendoui.com/documentation/javascript-dependencies.aspx
CDN
The minified versions of all JavaScript files (except jQuery) are also available via CDN
http://cdn.kendostatic.com/<version>/js/<filename>.min.js
e.g. http://cdn.kendostatic.com/2011.3.1129/js/kendo.all.min.js
Important: in order to use HTTPS at this point, you need to directly access the CloudFront CDN:https://da7xgjtj801h2.cloudfront.net/<version>/js/<filename>.min.js
0
Guru
Top achievements
Rank 2
Rank 2
answered on 15 Jun 2012, 08:17 PM
Thanks Jeremy for your input, we do host our copies of the framework so it isn't a js cdn issue after all.
Since we host our kendo js it is all https, however I now realized we are using some themebuilder CSS which has static references to some http cdn images. We ended up downloading the images to our server and changed the CSS file to local relative references and we are now running 100% https.
I would say it may worth suggesting the kendo css themebuider have an https option maybe... ??
Since we host our kendo js it is all https, however I now realized we are using some themebuilder CSS which has static references to some http cdn images. We ended up downloading the images to our server and changed the CSS file to local relative references and we are now running 100% https.
I would say it may worth suggesting the kendo css themebuider have an https option maybe... ??
0
Joshua
Top achievements
Rank 2
Iron
Veteran
Iron
Rank 2
Iron
Veteran
Iron
answered on 16 Jun 2012, 03:32 PM
Do we know when there will be a https cdn besides cloudfront?
0
John
Top achievements
Rank 1
Rank 1
answered on 09 Jul 2012, 10:13 PM
OK, are we saying you hardcode the HTTP into the URL? WHY? Can't you just put in the root based path and let the server handle the HTTP/HTTPS on it's own?
Will there be a patch/fix for this soon?
Will there be a patch/fix for this soon?
0
Guru
Top achievements
Rank 2
Rank 2
answered on 09 Jul 2012, 10:40 PM
John,
If you host the js files yourself (on your local or web server) yes the server will take care of the http/https... it is the CDN (hosted by telerik servers) that was the concern. Our issue ended up actually being a CSS file (from telerik's themebuilder) that had a "hardcoded" reference to non-https images to CDN images (hosted by telerik servers). So if you reference any non-https resources the browsers will no longer verify encryption and in some cases even stop the page from loading and display errors to users... yuk... Downloading the images and changing the CSS allows anyone to do https with custom CSS (optional) and not have to do any hard coding.
If you host the js files yourself (on your local or web server) yes the server will take care of the http/https... it is the CDN (hosted by telerik servers) that was the concern. Our issue ended up actually being a CSS file (from telerik's themebuilder) that had a "hardcoded" reference to non-https images to CDN images (hosted by telerik servers). So if you reference any non-https resources the browsers will no longer verify encryption and in some cases even stop the page from loading and display errors to users... yuk... Downloading the images and changing the CSS allows anyone to do https with custom CSS (optional) and not have to do any hard coding.
0
Joshua
Top achievements
Rank 2
Iron
Veteran
Iron
Rank 2
Iron
Veteran
Iron
answered on 17 Jul 2012, 01:20 AM
Is there plan to get https matching resources, so i only need to switch the protocols for my reference?
My plan was just to use the https versions of everything, even on my http site, but it looks like the editor makes a call back somewhere which causes a permission denied in IE.
So now, I need to actually construct URL's based on the protocol.
My plan was just to use the https versions of everything, even on my http site, but it looks like the editor makes a call back somewhere which causes a permission denied in IE.
So now, I need to actually construct URL's based on the protocol.
0
Hi guys,
Atanas Korchev
the Telerik team
The Telerik CDN is hosted on Amazon CloudFront. The latter currently does not support CNAMEs in HTTPS mode. More info can be found in their documentation: http://docs.amazonwebservices.com/AmazonCloudFront/latest/DeveloperGuide/CNAMEs.html
This is the reason why the CDN assets have different URL depending on the protocol.
As a workaround you can avoid using the CNAME version at all. So you can only include
//da7xgjtj801h2.cloudfront.net/2012.2.710/js/kendo.all.min.js
In HTTP this would include
http://da7xgjtj801h2.cloudfront.net/2012.2.710/js/kendo.all.min.js
and in HTTPS it would include
https://da7xgjtj801h2.cloudfront.net/2012.2.710/js/kendo.all.min.js
Atanas Korchev
the Telerik team
Join us on our journey to create the world's most complete HTML 5 UI Framework - download Kendo UI now!
0
Joshua
Top achievements
Rank 2
Iron
Veteran
Iron
Rank 2
Iron
Veteran
Iron
answered on 17 Jul 2012, 04:48 PM
maybe i should know this, but I don't know how i should just specify
//da7xgjtj801h2.cloudfront.net/2012.2.710/js/kendo.all.min.js
as a url for javascript
//da7xgjtj801h2.cloudfront.net/2012.2.710/js/kendo.all.min.js
as a url for javascript
0
<script src="//da7xgjtj801h2.cloudfront.net/2012.2.710/js/kendo.all.min.js"></script>
More information can be found in the following article.
Kind regards,
Alex Gyoshev
the Telerik team
More information can be found in the following article.
Kind regards,
Alex Gyoshev
the Telerik team
Join us on our journey to create the world's most complete HTML 5 UI Framework - download Kendo UI now!
0
Ray
Top achievements
Rank 1
Rank 1
answered on 11 Jul 2013, 08:50 PM
A resurrection so I apologize, but:
We had the same problem as Zack recently, where the kendo control was accessing the CDN even though all of our resources were being hosted locally.
The issue was that themebuilder contained static HTTP references to the CDN. I ended up chasing ghosts for several hours until I came across this.
Themebuilder either needs to use a protocol agnostic format, or allow the user to select HTTPs manually.
Hopefully this helps others.
Cheers,
Ray
We had the same problem as Zack recently, where the kendo control was accessing the CDN even though all of our resources were being hosted locally.
The issue was that themebuilder contained static HTTP references to the CDN. I ended up chasing ghosts for several hours until I came across this.
Themebuilder either needs to use a protocol agnostic format, or allow the user to select HTTPs manually.
Hopefully this helps others.
Cheers,
Ray