starred/tinyfilemanager
1
0
Fork 0
mirror of https://github.com/prasathmani/tinyfilemanager.git synced 2026-04-26 10:55:56 +03:00
Code Issues 253 Projects Releases 5 Packages Wiki Activity

[GH-ISSUE #69] This page is trying to load scripts from unauthenticated sources #53

New issue
Closed
opened 2026-03-02 15:55:18 +03:00 by kerem · 8 comments
kerem commented 2026-03-02 15:55:18 +03:00
Owner
Copy link

Originally created by @alecos71 on GitHub (Oct 12, 2018).
Original GitHub issue: https://github.com/prasathmani/tinyfilemanager/issues/69

Chrome reports this...

This page is trying to load scripts from unauthenticated sources

and here you can see how appears your app on Firefox and Chrome...

fm

Originally created by @alecos71 on GitHub (Oct 12, 2018). Original GitHub issue: https://github.com/prasathmani/tinyfilemanager/issues/69 Chrome reports this... **_This page is trying to load scripts from unauthenticated sources_** and here you can see how appears your app on Firefox and Chrome... ![fm](https://user-images.githubusercontent.com/9997666/46869907-76fde100-ce2d-11e8-8b72-968e3f801c96.png)
kerem 2026-03-02 15:55:18 +03:00
  • closed this issue
  • added the
    bug
         label
kerem commented 2026-03-02 15:55:19 +03:00
Author
Owner
Copy link

@wmerfalen commented on GitHub (Oct 15, 2018):

@alecos71 What are the URLs of said scripts?

<!-- gh-comment-id:429723027 --> @wmerfalen commented on GitHub (Oct 15, 2018): @alecos71 What are the URLs of said scripts?
kerem commented 2026-03-02 15:55:19 +03:00
Author
Owner
Copy link

@wmerfalen commented on GitHub (Oct 15, 2018):

@alecos71 ah, i see what they are now... if you look in the source code of the script and search for things like <script, you'll find that the script is pulling from sources like cloudfare, jquery, bootstrap, etc. Not sure how I feel about that given that the philosophy of this project seems (at least to me) that it should be an all-in-one solution with very little/no deps.

<!-- gh-comment-id:429723534 --> @wmerfalen commented on GitHub (Oct 15, 2018): @alecos71 ah, i see what they are now... if you look in the source code of the script and search for things like `<script`, you'll find that the script is pulling from sources like cloudfare, jquery, bootstrap, etc. Not sure how I feel about that given that the philosophy of this project seems (at least to me) that it should be an all-in-one solution with very little/no deps.
kerem commented 2026-03-02 15:55:20 +03:00
Author
Owner
Copy link

@alecos71 commented on GitHub (Oct 15, 2018):

With previous version this did not happen... the fm did load any kind of script... with this new version fm cannot load the remote scripts (blocked by Firefox and Chrome...) I'm still using the previous version since I test drive your new version and your fm didn't work properly...

The url is https://www.mywebsite.org/test/fm.php?p= (its an example of the mine)

<!-- gh-comment-id:429742123 --> @alecos71 commented on GitHub (Oct 15, 2018): With previous version this did not happen... the fm did load any kind of script... with this new version fm cannot load the remote scripts (blocked by Firefox and Chrome...) I'm still using the previous version since I test drive your new version and your fm didn't work properly... The url is https://www.mywebsite.org/test/fm.php?p= (its an example of the mine)
kerem commented 2026-03-02 15:55:20 +03:00
Author
Owner
Copy link

@wmerfalen commented on GitHub (Oct 15, 2018):

@alecos71 I can look into it a bit more if you let me know what went wrong with my version?

Also, can you verify that the blocked scripts are the CDN URL's in the fm source code?

<!-- gh-comment-id:429753077 --> @wmerfalen commented on GitHub (Oct 15, 2018): @alecos71 I can look into it a bit more if you let me know what went wrong with my version? Also, can you verify that the blocked scripts are the CDN URL's in the fm source code?
kerem commented 2026-03-02 15:55:20 +03:00
Author
Owner
Copy link

@alecos71 commented on GitHub (Oct 15, 2018):

@alecos71 I can look into it a bit more if you let me know what went wrong with my version?

Also, can you verify that the blocked scripts are the CDN URL's in the fm source code?

This happens because my website is in https, I think...

Chrome doesn't let me know what are the scripts blocked, limit itself to say

This page is trying to load scripts from unauthenticated sources

tinyfilemanager-master-10 10 2018

With this version doesn't happen: tinyfilemanager-master (21.09.2018)

<!-- gh-comment-id:429776509 --> @alecos71 commented on GitHub (Oct 15, 2018): > > > @alecos71 I can look into it a bit more if you let me know what went wrong with my version? > > Also, can you verify that the blocked scripts are the CDN URL's in the fm source code? This happens because my website is in https, I think... Chrome doesn't let me know what are the scripts blocked, limit itself to say **_This page is trying to load scripts from unauthenticated sources_** ![tinyfilemanager-master-10 10 2018](https://user-images.githubusercontent.com/9997666/46943032-00502600-d06f-11e8-8d1d-92ba782ab88b.png) With this version doesn't happen: tinyfilemanager-master (21.09.2018)
kerem commented 2026-03-02 15:55:20 +03:00
Author
Owner
Copy link

@alecos71 commented on GitHub (Oct 15, 2018):

Found the guilty...

http://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css

should be:

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css

Chrome and Firefox cannot load remote urls if they aren't in https...

<!-- gh-comment-id:429780999 --> @alecos71 commented on GitHub (Oct 15, 2018): Found the guilty... http://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css should be: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css Chrome and Firefox cannot load remote urls if they aren't in https...
kerem commented 2026-03-02 15:55:20 +03:00
Author
Owner
Copy link

@alecos71 commented on GitHub (Oct 15, 2018):

Confirmed!!! Must be: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css

the resources must be in https...

<!-- gh-comment-id:429784582 --> @alecos71 commented on GitHub (Oct 15, 2018): Confirmed!!! Must be: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css the resources must be in https...
kerem commented 2026-03-02 15:55:20 +03:00
Author
Owner
Copy link

@wmerfalen commented on GitHub (Oct 16, 2018):

@alecos71 I just committed to my master branch a version of the tinyfilemanager that serves all cdnjs urls over https.

<!-- gh-comment-id:430062831 --> @wmerfalen commented on GitHub (Oct 16, 2018): @alecos71 I just committed to my master branch a version of the tinyfilemanager that serves all cdnjs urls over https.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
prasathmani-patch-1
offline
add-license-1
2.6
2.5.3
2.5.0
2.4.7
2.4.3
2.4.1
2.4.0
2.3.8
2.3.4
2.3
2.2.0
2.0.2
2.0.1
Labels
Clear labels   
Feature

   
Feature

   
Is It Really an Issue?

   
Need More Info

   
Request

   
Security

   
bug

   
duplicate

   
enhancement

   
enhancement

   
help wanted

   
invalid

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
suggestion

   
wontfix
No labels
Feature
Feature
Is It Really an Issue?
Need More Info
Request
Security
bug
duplicate
enhancement
enhancement
help wanted
invalid
pull-request
question
suggestion
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/tinyfilemanager#53
No description provided.