If /nf/tool_icon_css is served from an HTTPS URL, it should try to use https URLs in its output. Or something like that, so that browsers don't give mixed-security content warnings.
All the code to generate the URLs was working correctly, we were just caching g.tool_icon_css too heavily with @LazyProperty so the current scheme wasn't being used after the first hit.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Also, this only occurs when ew.url_base and/or static.url_base are set to a different location (e.g. using a CDN) like ://my.cdn/allura/nf/%(build_key)s/_ew_/
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
The call chain to generate these URLs is deep. A few key stops along the way are:
g.tool_icon_cssg.theme_href()ew.ResourceManager.absurlew.core.widget_context, aStackedObjectProxyew.middleware.WidgetMiddleware.__call__allura:db/7009
All the code to generate the URLs was working correctly, we were just caching
g.tool_icon_csstoo heavily with@LazyPropertyso the current scheme wasn't being used after the first hit.Also, this only occurs when
ew.url_baseand/orstatic.url_baseare set to a different location (e.g. using a CDN) like://my.cdn/allura/nf/%(build_key)s/_ew_/Another commit on db/7009 to fix the same over-caching issue, but this time for 3rd party Apps' icon urls.