https non-secure on Ascendant campaigns

weasel0
weasel0
edited June 2016 in Feature Requests
Okay, I've looked at several campaigns; both mine and others owned. It seems sporadic amongst Ascendant campaigns. I even removed all the CSS from one of my code testing campaigns and it still had errors on all the .public pages and the Settings page. Other campaigns had other combinations of errored pages. Only campaign I found with no errors was a non-Ascendant campaign. Just updated to Firefox 47 and comp is all up to date. Been seeing this for about a week/week and a half.

Is this just my computer being picky or am I not alone in this? Also already sent in a ticket but wanted feedback.

Comments

  • cgregory
    cgregory
    Posts: 7
    It appears that the https pages are mixed content pages.

    Some images have an https connection and some have an http connection.

    There doesn't seem to be any consistency as to which images are http and which are https.

    You can see this if you click on the "!" symbol before the https then the > tab then click on more information and then the Media tab when viewing in firefox.
  • OPSupport
    OPSupport
    Posts: 93
    A note on Site SSL Support

    Many users expressed a desire to access the website from a work and/or school setting, frequently behind a firewall or proxy. After considering user feedback (both current and historical) the development team recently made the decision to fully support HTTPS for OP moving forward across the entire site. Historically, the existing website, like many legacy sites- did not have full support for secure browsing on a site-wide basis. The technical teams whom originally worked on the site neither supported nor unilaterally enforced HTTPS browsing from the start for whatever reason. Only select areas of the site were secured as may have been required.

    While providing full site-wide HTTPS support was an ambitious goal for numerous technical reasons, the team opted for a phased approach to rolling this out and begin the track towards providing a better experience while browsing the site securely. A lot of work has been occurring to make this better.

    The first step- recently, the team made a series of substantial changes which allows viewing the site over HTTPS. From an infrastructure and app perspective (load balancer, web server, etc.) OP now does fully support browsing via HTTPS. However, that's just the first step in the road map.

    Today, if you are browsing OP in HTTPS you are bound to encounter mixed-mode content at this time on some sections of the website. Users ultimately control their own content on many pages of the site, and if they explicitly insert the protocol handler as part of an A HREF tag for example, off-link, pull in third party fonts, etc. it can most definitely lead to mixed mode content. This often manifests itself as a browser warning showing that some areas may not be not secure, and most browsers may show an alternative down-level icon to the standard green padlock in the address bar. Also, some areas of the site (forums, old support area) simply did not have support for various reasons and are being upgraded and/or deprecated.

    The next phase, the team is working on cleaning up issues in the code base which would lead to a mixed-mode experience while browsing the site over SSL. This includes the main site, new forums, and blog moving forward.

    The end-goal in the current road-map, is to eventually move OP as well as all of its site content to fully support viewing via HTTPS by redirecting all requests to the HTTPS version of the website. This will likely involve coordination with campaign owners, as well as some automated solutions to expedite the process which are currently being investigated.

    Hope that helps.
  • weasel0
    weasel0
    Posts: 36
    Which makes complete sense if someone links to offsite content. The mixed content I'm getting is all hosted by OP...technically. I don't know who owns the media hosting. Whoever cloudfront.com is is the source of what I'm seeing.
  • OPSupport
    OPSupport
    Posts: 93 edited June 2016
    Cloudfront was the previous CDN provider for the site. The team is in the process of deprecating them at this time. I have opened a ticket so the team can investigate the URL linking behavior on uploaded files as it may pertain to mixed mode content.
    Post edited by OPSupport on
  • SkidAce
    SkidAce
    Posts: 46
    Does that mean if I built direct links to pictures using the clouldfront address they will break? Or will they transition?
  • Maesenko
    Maesenko
    Posts: 325

    Has there been any progress on this end since June 11 you can tell us?  And as for Cloudfront being depreciated, what is taking its place as the new provider?  (My guess is the media locker.)

    ~Mae

    CotM Selection Committee

  • OPSupport
    OPSupport
    Posts: 93

    Yes, a lot of progress has been made on HTTPS support at this time. 

    - The new forums are fully HTTPS from the get go.

    - The existing side has begun to be transitioned to HTTPS

    - Cloud front links should be migrated very soon to HTTPS

    - Other areas of the site are being converted to HTTPS as the team works thru them.

     

Sign In or Register to comment.

October2022
Wildside

Read the feature post on the blog
Return to Obsidian Portal

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Discussions