On October 12, the central University site (www.ed.ac.uk) will be amended to provide secure delivery. This could mean you have changes to make to your EdWeb site.

The move to secure delivery (protocol) means the address of the website will change format:

http://www.ed.ac.uk
will become
https://www.ed.ac.uk

Forthcoming changes to major browsers have made this change necessary, but acting now will make our site more secure and trusted by visitors. This will not mean that visitors need to log in to see the site, but instead the site will be sent to their browsers securely.

Why we’re making the University central website secure

All existing website traffic trying to reach http://www.ed.ac.uk will be redirected automatically to the secure version of the page. Your content pages in EdWeb will work as normal, but the address you see when editing a page will change to be in the format:

https://www.edweb.ed.ac.uk

Your EASE secured pages will also be directed to this address, but will continue to work as usual. Further, all existing redirects/short URLs; all Web Applications; and any JavaScript integrations will continue to work as before.

HTML assets – action required

If you have embedded HTML assets on your EdWeb site, it is possible you may need to correct them once the site is moved to https://.

• University Website Programme widgets (to embed HTML from sources such as Twitter, YouTube, Vimeo, or to integrate PURE profiles – and if you use Media Hopper embeds)
  • no action is needed, as we can automatically enforce these to use secure delivery.
• Other HTML assets that embed from external http:// sources – as visitor browsers will likely block these, you will need to take action.
  • action could be required – to check: in Google Chrome (which highlights this best), look at your page in preview – if the asset does not show, it will be affected once the site is secured.

To fix this – take the link of the external source you are embedding, and change the http:// to https:// – if you can visit this link in your browser, then this source will supply secured embeds (YouTube and Google Calendars should act this way). Once these changes are deployed to EdWeb on 12th October, you will need to edit your asset so that the source is https:// – regrettably, you cannot do this in advance, as the HTML purifier will strip out the link (this rule is being changed on 12 October).

If your source does not work using https://, then it will not work after October 12. You should ensure (or ask) the provider of the external source to provide secure embeds, or use another service for your embed.

Step-by-step instructions on editing HTML assets

If you have any questions regarding specific embeds, please let us know: website.support@ed.ac.uk

If you have any questions you think the rest of the community could benefit from, please comment below, and we’ll respond as quickly as possible. Many thanks, in advance.