2

I'm storing photos using aws s3 and I get a chrome warning saying some of the content on the site isn't secure. In the dev console I see:

The page at https://domain.herokuapp.com/users/1/ displayed insecure content 
from http://s3.amazonaws.com/domain/photos/user_thumbnail/casing-earphones.jpg?1365720318.

The amazon link isn't https how can I fix this my apps access to the entire bucket?

Following the setup instructions here: https://devcenter.heroku.com/articles/paperclip-s3

I have the following code I guess i need to add a URL option somewhere somehow:(config/environment/production.rb)

config.paperclip_defaults = {
  :storage => :s3,
  :s3_credentials => {
      :bucket => ENV['AWS_BUCKET'],
      :access_key_id => ENV['AWS_ACCESS_KEY_ID'],
      :secret_access_key => ENV['AWS_SECRET_ACCESS_KEY']
  }
}
Jaqx
  • 826
  • 3
  • 14
  • 39
  • This seems to have been discussed here: http://stackoverflow.com/questions/3770728/secure-paperclip-urls-only-for-secure-pages – friism Apr 12 '13 at 05:50

2 Answers2

5

I needed to add this line: 

:s3_protocol => 'https'

It's not mentioned in the setup instructions but paperclip s3 configuration options can be found here: http://rdoc.info/github/thoughtbot/paperclip/Paperclip/Storage/S3

Jaqx
  • 826
  • 3
  • 14
  • 39
1

You may be able to just add the s to the http URL and have it work fine. If that works, then fix the link to refer to https instead of http.

If that doesn't work, you may need to contact Amazon customer service. As long as you have links to http pages from an https connection you and your users will get that message. More importantly however, you open your users up to XSS, CSRF, and MitM attacks.

Freedom_Ben
  • 11,247
  • 10
  • 69
  • 89
  • Right I think force adding the s will work but i dunno how. ive added more to my post – Jaqx Apr 12 '13 at 04:55