Netlify Mixed Content Warnings
Published:
Looking at my blog today, I noticed that Netlify now warns you if you link to non-HTTPS URLs in your site:
2:37:56 PM: Starting post processing
2:37:56 PM: Mixed content detected in: /blog/index.html
2:37:56 PM: --> insecure link urls:
2:37:56 PM: - http://w6d6vblb6vhuqxt6.onion/blog/
2:37:56 PM: - http://tvin5bvfwew3ldttg5t6ynlif4t53y3mbmb7sgbyud7h5q6gblrpsnyd.onion/blog/
2:37:56 PM: - http://creativecommons.org/licenses/by-nd/4.0/
This is really handy in catching those URLs you’ve forgotten to make into HTTPS URLs, but Tor Project exempts .onion hostnames from mixed content warnings (see Tor ticket #23439) and this is even applied upstream by Mozilla in Firefox (see Mozilla ticket #1382359).
I’ve fixed the link for the Creative Commons license in my template, but those .onion links are correct and I generate them for every page in my website. I hope Netlify will update this new feature to treat .onion hostnames as secure regardless of the use of HTTPS as Tor Project and Mozilla do. There’s just too much output for me to go through and ignore for this to reach it’s full potential for me.