Security of a solidres powered website

I have been checking security of the website powered by solidres (hub) version and noticed that some browsers (e.g. Opera) will show a mixed content error and thus blocking some content.
Our website is SSL enabled (using Let's Encrypt).
To further check the website I used this tool: www.whynopadlock.com
This site returned a (Hard Failure) due to CSS missing file.
Page: templates/luxuria/theme.config.php (luxuria may be replaced with some other Solidres template)
in line No. 113, reading:
$this->addFile('css', 'css:custom.css');
This call is causing the (Hard Failure) reported above. I noticed that this file is missing from the system.
Thus I copied the file: custom.css.dist (at CSS folder) and renamed it to custom.css (although blank file)
And the problem was resolved.
To further inspect for more possible http content, I searched all website files and noticed the following:
No. 1: there are few external links to outside content using http. Example is using http_://twitter.com instead of "https_://twitter.com".
Also using http_://www.w3.org instead of https_://www.w3.org.
I am not very sure that such referrals could cause and vulnerability, but I think to fully secure the platform one shall make it as perfect as possible.
No. 2: In page: components/com_solidres_views/reservationasset/view.html.php
Line no.: 366 reading:
$this->document->addCustomTag('<meta property="og:url" content="' . JRoute::_('index.php?option=com_solidres&view=reservationasset&id=' . $this->item->id, true, true) . '"/>');
For some reason, the returned output URL from that statement is not https (it is http). When hard coding the url however; the issue is fixed.
I hope some solution to this case exists and that Solidres team may take care of the issue.

Have a great time

Hi,

This is actually very simple to solve, you can just rename the file custom.css.dist to custom.css and done.

Regards,