Netlify Mixed Content Warnings

· netlify web onion-services
This blog post is more than two years old. It is preserved here in the hope that it is useful to someone, but please be aware that links may be broken and that opinions expressed here may not reflect my current views. If this is a technical article, it may no longer reflect current best practice.

Looking at my blog today, I noticed that Netlify now warns you if you link to non-HTTPS URLs in your site:

2:37:56 PM: Starting post processing
2:37:56 PM: Mixed content detected in: /blog/index.html
2:37:56 PM: --> insecure link urls:
2:37:56 PM:   - http://w6d6vblb6vhuqxt6.onion/blog/
2:37:56 PM:   - http://tvin5bvfwew3ldttg5t6ynlif4t53y3mbmb7sgbyud7h5q6gblrpsnyd.onion/blog/
2:37:56 PM:   -

This is really handy in catching those URLs you’ve forgotten to make into HTTPS URLs, but Tor Project exempts .onion hostnames from mixed content warnings (see Tor ticket #23439) and this is even applied upstream by Mozilla in Firefox (see Mozilla ticket #1382359).

I’ve fixed the link for the Creative Commons license in my template, but those .onion links are correct and I generate them for every page in my website. I hope Netlify will update this new feature to treat .onion hostnames as secure regardless of the use of HTTPS as Tor Project and Mozilla do. There’s just too much output for me to go through and ignore for this to reach it’s full potential for me.

If you would like to contact me with comments, please send me an email.
If you would like to support my free software work, you can support me on Patreon or donate via PayPal.

This post was syndicated on: