New Release - HTTP vs HTTPS external resource requests

I have a setup with a nodebalancer receiving HTTPS requests and talking to standalone backends in HTTP.

The new release had this in the Change Log:
Updated web framework to make sure all external resource requests match the protocol of the app itself (http vs https)

Does that mean that the webapp will make requests in HTTP to other services due to the fact that I do not have it working on http (at least from the webapp perspective)

I would strongly prefer to keep it this way since the handshake in https is not efficient enough, well at least from my limited testing in the past etc…

What it means is that the browser will request external libs (like the apis for google maps) using the same protocol that they use to connect to your app. This prevents the browser warnings about having mixed protocols on a page. So for instance, if your user connects to your app like this:

http://www.example.com/myapplication.cgi

The Google Maps lib will be loaded like this:

http://maps.google.com/maps/api/js?sensor=false&libraries=geometry

OTOH, if a user connects securely:

https://www.example.com/myapplication.cgi

The Google Maps lib will be loaded like this:

https://maps.google.com/maps/api/js?sensor=false&libraries=geometry

The fix was that we still had a few outstanding places where this was not always the case.

ahh, ok. That’s great! Thanks for the updates.

I was worried because my web apps do not run in “secure mode” with certificates etc, only the nodebalancer does.

Thanks Mr O’Lone, have a great day!

who helps make me a calculator