Mixed content on https://dev.twitter.com/rest/tools/console


#1

Howdy,

Chrome is reporting some unsafe script loading when I hop into https://dev.twitter.com/rest/tools/console

Mixed Content: The page at ‘https://dev.twitter.com/rest/tools/console’ was loaded over HTTPS, but requested an insecure resource ‘http://184.72.221.111/static/blank.html?apig_cc=1’. This content should also be served over HTTPS.

Is anyone @ twitter aware of this?

Cheers,
Reynald


#2

Yes, we are aware of it, but unfortunately the Apigee console that we are embedding there is a legacy product and we’ve been unable to resolve this with them. Appreciate the concern. I’m not aware of a specific vulnerability there.


#3

Thanks for checking @andypiper .