CSS breaks about minimal-mistakes HOT 6 CLOSED

If you make your url in _config.yml //yourdomain.com you shouldn't have to modify the theme at all.
The only place you might run into issues are in the Atom feed. I'm not sure how well protocol less domains are supported by most feed readers so some content might not show up. The same can be said for https.

http vs https is dicey area with a lot of gotchas that I don't feel like supporting or dealing with. I prefer to make the theme simple and work 99.9% of the time instead of catering to every possible scenario. Which is why I went with http and leave it up to the end user to fork and do what they want with the code.

Most are using Jekyll to host a blog made up of simple static files. https in my opinion is overkill in this case unless you have forms and are actually transmitting data back and fourth that needs encryption.

from minimal-mistakes.

Any particular reason you want to use https instead of http when hosting on GitHub pages? It should work just fine with http as the site URL. From my understanding there are a few gotchas (cross origin scripts and assets, etc) if you decide to use https hosted pages on GH, which could be why you're having issues. I don't think it has anything to do with the theme.

The real problem is mixing https requests in with a domain that is on http. That's why Firefox is barfing up warnings for you. You probbaly have links and or images in your posts or pages that are https. That's a security issues as far as the browsers are concerned.

from minimal-mistakes.

Okay, i've finally figured out exactly what's going on. I use HTTPS Everywhere, the browser plugin that forces https where available. Github pages supports ssl. Firefox, and Chrome block mixed content on https sites. I'm glad it was me that caught this behaviour on my blog, and not an end user.

Let me repeat, that screenshot is for http://mmistakes.github.io/minimal-mistakes/
It is not a screenshot of my fork, or my blog, but the demo site linked to in the README.md file.

I'd love to fix this up myself. I noticed that the theme makes extensive use of the {{ site.url }} variable everywhere. Why not just replace that with proactive links, as recommended on the Mozilla Developer Network here?

Also, adding a comment recommending https:// for url in _config.yml would automatically mean ssl for everyone.

from minimal-mistakes.

Thank you, this fixed the CSS for me! 😄

I understand, however, I'm sure adding a comment in the config.yml
encouraging //yourdomain.com like you just explained about to me would
make the site available to a lot of HTTPS Everywhere users too. It's very
little cost to ensure compatibility with many different people.

Yours isn't the only theme that breaks, I've run into a few others too, but
it's a small fix. Wouldn't you agree?

-amingilani

On Sun, Aug 24, 2014 at 2:32 AM, Michael Rose [email protected]
wrote:

Closed #76 #76.

—
Reply to this email directly or view it on GitHub
#76 (comment).

from minimal-mistakes.

For what it's worth @mmistakes, Google is now ranking sites that have a valid certificate and crypto available above sites without it in terms of reputation for search results and I suspect that will be a practice adopted by others.

My personal belief is that https is not necessary to protect my content or transactions for my weblog, but it's trivial to implement and gives some assurance that the site you're getting data from is reliable enough to validate their identity with a CA in some way and I think SSL-enabled sites should be given preferential treatment when it comes to reputation.

from minimal-mistakes.

I get all that @emory and it makes a ton of sense to someone who understands how this stuff works. Agreed that it's fairly easy to implement 99.9% of the time. It's that .01% that causes me headaches.

Introduce a few best practices, keep things as simple as possible, and leave it up to the user to fork and do as they please has always been my view. A good majority of those using the themes still can't set site.url properly, and trying to explain the benefits of http:// vs. https:// vs. // is something I want to avoid at all costs. 😉

from minimal-mistakes.