for https

Hi I've noticed that https sites using http://b.tile.osm.org/ lose the green padlock for pages that include OSM maps. On Firefox, they show the black padlock+alert sign, and the message "Warning: Connection is Not Secure" Wouldn't it be a good idea to move http://b.tile.osm.org/ to https://b.tile.osm.org/ ? Or is there an alternative ?

asked 07 May '18, 10:58

trevoh
9●2●2●3
accept rate: 0%

2 Answers:

active answers oldest answers newest answers popular answers

Stripping http from the source?

src='//b.tile.osm.org'

Let the browser determine the connection type.

Edit

You'll have to host the JS files yourself to make the change. There are some tile providers that use SSL.

https://{s}.tile.openstreetmap.org/{z}/{x}/{y}.png

ESRI: https://esri.github.io/esri-leaflet/examples/basemap-with-labels.html

MapQuest: https://otile2-s.mqcdn.com/tiles/1.0.0/map/{z}/{x}/{y}.png

permanent link

answered 07 May '18, 14:25

gfitz
46●3●4●7
accept rate: 0%

edited 14 May '18, 00:24

Two reactions to gfitz

Can't change the source when tiles are called by an external program such as https://cdnjs.cloudflare.com/ajax/libs/openlayers/2.11/lib/OpenLayers.js not directly by website.

And 2 Can anyone at osm do anything to get a valid certificate ? Which would be the best solution :)

(07 May '18, 14:38) trevoh

Check the second edit

(07 May '18, 15:20) gfitz

https://{s}.tile.openstreetmap.org/{z}/{x}/{y}.png makes the difference. It shows the green padlock, whereas http://{s}.tile.osm.org/{z}/{x}/{y}.png produces the insecure connection warning. Thanks

(07 May '18, 15:59) trevoh

You are welcome. Please mark as solved if it helped

(07 May '18, 16:09) gfitz

osm.org points to the same place as openstreetmap.org - it's always just been a shortcut to it. The certificates on those sites is for "(something).openstreetmap.org". If you have a look at the https certificate associated with a random tile such as "https://a.tile.osm.org/9/253/166.png" you'll see that it is for "tile.openstreetmap.org". Clearly this "doesn't match", so you end up with the browser warning.

Back when OpenStreetMap served http tiles no error would occur, though you'd get the same tiles as if you'd asked for http://b.tile.openstreetmap.org/. Now the same tiles are served, but over https, and the certificate doesn't match.

The question, of course, is why is anything referring to http://b.tile.osm.org/ in the first place? Presumably someone's defined a tile layer (in e.g. LeafLet or OpenLayers) using that, and it needs to be changed from "osm.org" to "openstreetmap.org". If you can let people know where you're getting this error they may be able to investigate further.

permanent link

answered 13 May '18, 20:57

SomeoneElse ♦
36.9k●71●370●866
accept rate: 16%

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

*italic* or _italic_
**bold** or __bold__
link:[text](http://url.com/ "title")
image?![alt text](/path/img.jpg "title")
numbered list: 1. Foo 2. Bar
to add a line break simply add two spaces to where you would like the new line to be.
basic HTML tags are also supported

learn more about Markdown

Question tags:

tiles ×287
https ×19
security ×10
padlock ×1

question asked: 07 May '18, 10:58

question was seen: 11,972 times

last updated: 14 May '18, 00:24

http://b.tile.osm.org/ for https

Edit

Follow this question

Related questions