-
Notifications
You must be signed in to change notification settings - Fork 1.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
insecure includes #110
Comments
we could ditch IRC and run a chat backend as part of our rails app: |
ditch IRC? but lots of people use 3rd party clients. Also you would make On Wed, Jun 25, 2014 at 6:39 PM, Bryan Bonvallet notifications@github.com
|
If we cut http, all the people who don't use external clients won't have access to the chat. I'm thinking the few hard cores can deal with leaving IRC if it is better for everyone else. Alternatively we figure out how to get the IRC client behind SSL. |
"leaving" as in Publiclab using a different venue. Dogi will be on IRC either way ;) |
related to #58 |
IRC client now behind SSL; resolved. Addressing this in jywarren/web#15. |
We also need to re-code instances of non-ssl in the codebase itself - wherever we use |
In-code references are resolved now. |
Most content has now been changed in the database -- both DrupalNodeRevisions and DrupalComments:
Except: We're probably going to put both of those under SSL so their embeds work. |
This is looking good -- also scrubbed groups.google.com references in code for SSL. It's harder and harder to find a page that doesn't have the green lock icon now -- no warnings on any page I've seen. |
This is almost as done as we can make it within this codebase -- we're working on MapKnitter and SpectralWorkbench SSL certs. Once those are in place, we can finish this out with one last database batch change. |
Complete! |
following from #109, chrome is complaining about (and likely blocking) some scripts.
Pulled this out of the console:
warning about an images:
The page at 'https://publiclab.org/notes/mathew/2-1-2013/american-kite-fishing-low-tech-kite-balloon-hybrid' was loaded over HTTPS, but displayed insecure content from 'http://publiclab.org/sites/default/files/imagecache/default/Screen%20shot%202013-01-31%20at%2010.26.29%20PM.png': this content should also be loaded over HTTPS.
The page at 'https://publiclab.org/notes/mathew/2-1-2013/american-kite-fishing-low-tech-kite-balloon-hybrid' was loaded over HTTPS, but displayed insecure content from 'http://publiclab.org/sites/default/files/imagecache/default/Screen%20shot%202013-01-31%20at%2010.26.29%20PM.png': this content should also be loaded over HTTPS.
chat is blocked on HTTPS:
[blocked] The page at 'https://publiclab.org/notes/mathew/2-1-2013/american-kite-fishing-low-tech-kite-balloon-hybrid' was loaded over HTTPS, but ran insecure content from 'http://chat.treehouse.su/?channels=publiclab&nick=btbonval': this content should also be loaded over HTTPS
Looks like Dogi never got a certificate for treehouse.su, so chat won't be available on https publiclab until we can encrypt it.
Although IRC is one of the least secure forms of communication I can think of. It'd kind of be a lie to have an IRC script run on https, because it's open text once it goes from the web backend to IRC.
The text was updated successfully, but these errors were encountered: