Ckeditor CDN use skin in HTTPS

Question

I'm using CKEDITOR CDN like this

<script src="https://cdn.ckeditor.com/4.5.10/full-all/ckeditor.js"></script>

var instance = CKEDITOR.replace('myEditor'), {
            customConfig: '/path/to/my/config.js',
        });

And in my config.js

CKEDITOR.editorConfig = function (config) {
    config.defaultLanguage = 'fr';
    config.skin = 'moonocolor';
};

I got this error

Mixed Content: The page at 'https://local.mysite.fr/app_dev.php/admin/page/4' was loaded over HTTPS, but requested an insecure script 'http://cdn.ckeditor.com/4.5.10/full-all/skins/moonocolor/skin.js/'. This request has been blocked; the content must be served over HTTPS.

What am I doing wrong ? Is there a way to ask CKEDITOR to load skins in HTTPS ?

Answer 1

That message is misleading. Here's what's happening:

If the skin is found (moono, for instance), it's accessible both over HTTP and HTTPS:

https://cdn.ckeditor.com/4.8.0/full-all/skins/moono/skin.js

http://cdn.ckeditor.com/4.8.0/full-all/skins/moono/skin.js

But moonocolor is not on the CDN, and cdn.ckeditor.com redirects all 404s to HTTP, leading to the browser reporting that you are being served insecure content.

I haven't been able to find any clear documentation about this, but it seems that ckeditor only includes a few official skins on the CDN. If you want to use one that's not hosted there, you'll need to serve it from your own server (How can I use the CDN version of CKEditor with an alternative skin hosted on my server? might be a good place to start for that).