Use secure HTTPS and Disable WebSecurity


#1

Loaded up some older projects and seems the Use HTTPS is checked by default. Setting WebSecurity Rendering Engine) to disabled and links with http:// will not load, error is thrown.

Yes, I could go back through and find all the http and change to https. But, there are a few CDN’s (like nicedit - http://js.nicedit.com/nicEdit-latest.js) that are not served https.

So why does “Disable WebSecurity” in Rendering Engine no longer work?

Another issue is (or at least in my projects) if you uncheck Use HTTPS, YouTube videos are throwing error:

Refused to display ‘https://www.youtube.com/watch?v=1_7BKFMJrYA’ in a frame because it set ‘X-Frame-Options’ to ‘sameorigin’.

Never had this issue in past with WebSecurity disabled in Rendering Engine.


#2

First, uncheck “Use HTTPS” if your projects are not compatible.
Not sure whether HTTPS play a role in the X-Frame-Options’ to ‘sameorigin’.
We’ll check for “Disable WebSecurity” in Rendering Engine, but the option is still passed to the Chromium engine so maybe they did something to that option internally.


#3

Yea, that is easy to do. But something has changed somewhere. Things are not quite the same.

No positive if iframe error has anything to do with it either, just wanted you to know now having issues and did not in past.