Ensure SSL is respected in all places

lib/handlers/bin.js

@@ -223,7 +223,7 @@ module.exports = Observable.extend({
           resolve();
         }
       }).then(function () {
-        this.formatPreview(req.bin, options, function (err, formatted) {
+        this.formatPreview(req, req.bin, options, function (err, formatted) {
           if (err) {
             next(err);
           }
@@ -672,7 +672,7 @@ module.exports = Observable.extend({
       var filename = ['jsbin', bin.url, bin.revision, 'html'].join('.'),
           options  = {analytics: false, edit: false, silent: true};
 
-      this.formatPreview(bin, options, function (err, formatted) {
+      this.formatPreview(req, bin, options, function (err, formatted) {
         if (err) {
           next(err);
         }
@@ -739,7 +739,7 @@ module.exports = Observable.extend({
             _this.render(req, res, results);
           } else {
             var options = {edit: true, silent: true, csrf: req.session._csrf};
-            _this.formatPreview(results, options, function (err, formatted) {
+            _this.formatPreview(req, results, options, function (err, formatted) {
               if (err) {
                 next(err);
               }
@@ -832,7 +832,8 @@ module.exports = Observable.extend({
           helpers = this.helpers,
           version = helpers.set('version'),
           created = req.flash('checksum') || {},
-          ssl = features('sslForAll', req),
+          sslForAll = features('sslForAll', req),
+          ssl = req.embed ? req.secure && sslForAll : sslForAll,
           root = helpers.url('', true, ssl),
           _this = this,
           production = (req.cookies && req.cookies.debug) ? false : helpers.production,
@@ -1170,7 +1171,7 @@ module.exports = Observable.extend({
 
     // nothing returned as it updates the bin object
   },
-  formatPreview: function (bin, options, fn) {
+  formatPreview: function (req, bin, options, fn) {
     metrics.increment('bin.rendered');
     this.applyProcessors(bin);
 
@@ -1198,8 +1199,8 @@ module.exports = Observable.extend({
 
       // Include 'Edit in JS Bin' button
       if (options.edit) {
-        var data = {static: helpers.urlForStatic(''), root: helpers.url('/', true), csrf: options.csrf};
-        insert.push('<script src="' + helpers.urlForStatic('js/render/edit.js?' + helpers.set('version')) + '"></script>');
+        var data = {static: helpers.urlForStatic('', req.secure), root: helpers.url('/', true, req.secure), csrf: options.csrf};
+        insert.push('<script src="' + helpers.urlForStatic('js/render/edit.js?' + helpers.set('version'), req.secure) + '"></script>');
         insert.push('<script>jsbinShowEdit(' +  JSON.stringify(data) + ');</script>');
       }
 
@@ -1208,7 +1209,7 @@ module.exports = Observable.extend({
       if (!options.silent && _this.models.bin.isStreaming(bin)) { // jshint ignore:line
         _this.emit('render-scripts', scripts);
         insert = insert.concat(scripts.map(function (script) {
-          script = script.indexOf('http') === 0 ? script : helpers.urlForStatic(script);
+          script = script.indexOf('http') === 0 ? script : helpers.urlForStatic(script, req.secure);
           return '<script src="' + script + '"></script>';
         }));
       }

lib/routes.js

@@ -160,6 +160,7 @@ module.exports = function (app) {
   app.get(/(?:.*\/(edit|watch|download|source)|^\/$)$/, function (req, res, next) {
     var ssl = features('sslForAll', req);
 
+
     if ( (!req.secure && ssl) || // a) request *should* be secure
          (req.secure && !ssl) ) { // b) request is secure and *should not* be
       var url = sandbox.helpers.url(req.url, true, ssl);
@@ -180,7 +181,7 @@ module.exports = function (app) {
 
   // Runner
   app.get('/runner', function (req, res) {
-    var statik = sandbox.helpers.urlForStatic(undefined, features('sslForAll', req));
+    var statik = sandbox.helpers.urlForStatic(undefined, req.secure && features('sslForAll', req));
     res.render('runner', {
       scripts: app.get('is_production') ? false : scripts.runner,
       static: statik

public/js/chrome/save.js

@@ -365,7 +365,6 @@ function saveCode(method, ajax, ajaxCallback) {
         var $binGroup,
             edit;
 
-        $form.attr('action', data.url + '/save');
         if (ajaxCallback) {
           ajaxCallback(data);
         }
@@ -377,6 +376,7 @@ function saveCode(method, ajax, ajaxCallback) {
         jsbin.state.code = data.code;
         jsbin.state.revision = data.revision;
         jsbin.state.metadata = { name: jsbin.user.name };
+        $form.attr('action', jsbin.getURL() + '/save');
 
         // getURL(true) gets the jsbin without the root attached
         // $binGroup = $('#history tr[data-url="' + jsbin.getURL(true) + '"]');

public/js/editors/keycontrol.js

@@ -58,7 +58,7 @@ if (!customKeys.disabled) {
     } else if (event.metaKey && event.shiftKey && event.which === 8) { // cmd+shift+backspace
       $('a.deletebin:first').trigger('click', 'keyboard');
       event.preventDefault();
-    } else if (event.metaKey && event.which === 83) { // save
+    } else if (!jsbin.embed && event.metaKey && event.which === 83) { // save
       if (event.shiftKey === false) {
         if (saveChecksum) {
           saveChecksum = false;

public/js/jsbin.js

@@ -1,5 +1,5 @@
 try {
-  console.log('Dave is ready!');
+  console.log('Dave is ready.');
 } catch (e) {
   window.console = {
     log: function () {
@@ -78,7 +78,9 @@ function exposeSettings() {
         console.log('jsbin.settings can how be modified on the console');
       }
     });
-    console.log('To edit settings, type this string into the console: ' + key);
+    if (!jsbin.embed) {
+      console.log('To edit settings, type this string into the console: ' + key);
+    }
   }
 }