From 6cf586aae654f5f1c696b95672d3e66cdfde0589 Mon Sep 17 00:00:00 2001
From: Lev Gimelfarb <lev.gimelfarb@gmail.com>
Date: Sun, 26 Jan 2014 17:21:24 -0500
Subject: [PATCH] Fix error page resources loading when forceAdminSSL is true

closes #1837
- moved admin theme static resource service above 'checkSSL', otherwise
  when forceAdminSSL is true it will try to redirect them to HTTPS, and
  error pages will be unstyled
---
 core/server/middleware/index.js | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/core/server/middleware/index.js b/core/server/middleware/index.js
index 10078d91f0..03705b7197 100644
--- a/core/server/middleware/index.js
+++ b/core/server/middleware/index.js
@@ -227,13 +227,16 @@ module.exports = function (server, dbHash) {
     // First determine whether we're serving admin or theme content
     expressServer.use(manageAdminAndTheme);
 
-    // Force SSL
-    expressServer.use(checkSSL);
-
 
     // Admin only config
     expressServer.use(subdir + '/ghost', middleware.whenEnabled('admin', express['static'](path.join(corePath, '/client/assets'), {maxAge: ONE_YEAR_MS})));
 
+    // Force SSL
+    // NOTE: Importantly this is _after_ the check above for admin-theme static resources,
+    //       which do not need HTTPS. In fact, if HTTPS is forced on them, then 404 page might
+    //       not display properly when HTTPS is not available!
+    expressServer.use(checkSSL);
+
     // Theme only config
     expressServer.use(subdir, middleware.whenEnabled(expressServer.get('activeTheme'), middleware.staticTheme()));