Closed Bug 454796 Opened 17 years ago Closed 17 years ago

Recaptcha script needs to use SSL

Categories

(addons.mozilla.org Graveyard :: Administration, defect)

Product:
addons.mozilla.org Graveyard
Component:
Administration
Type:
defect
Priority:
Not set
Severity:
major

Tracking

(Not tracked)

Status:
VERIFIED FIXED

People

(Reporter: wenzel, Assigned: wenzel)

Details

Attachments

(1 file)

SSL-aware recaptcha
1.62 KB, patch
lorchard
: review+
Details | Diff | Splinter Review
On the new user registration page, we are currently getting the Recaptcha script from http://api.recaptcha.net. That's a non-SSL site and (probably) leads to problems with some security settings due to the mixture of SSL and non-SSL content on one page. We should use Recaptcha over SSL, as shown in: http://recaptcha.net/apidocs/captcha/client.html (search for "ssl").
This patch will load the recaptcha code over their SSL interface if the AMO instance runs on SSL, over http (as before) otherwise.
Attachment #338197 - Flags: review?
Attachment #338197 - Flags: review? → review?(lorchard)
Attachment #338197 - Flags: review?(lorchard) → review+
Comment on attachment 338197 [details] [diff] [review] SSL-aware recaptcha Works for me. One caveat though - seems like using $_SERVER['HTTPS'] is an issue for some people. Wasn't for me, but some context: http://us3.php.net/manual/en/reserved.variables.php#74040
(In reply to comment #2) > (From update of attachment 338197 [details] [diff] [review]) > Works for me. One caveat though - seems like using $_SERVER['HTTPS'] is an > issue for some people. Thanks for pointing that out! In fact, in bootstrap.php, we set this explicitly because the app nodes don't serve HTTPS so we need to check for a header sent by the netscaler. In our case this should work because of that.
Checked into r18174. Thanks, everybody.
Status: NEW → RESOLVED
Closed: 17 years ago
Keywords: push-needed
Resolution: --- → FIXED
https://api-secure.recaptcha.net/challenge?k=6LffawIAAAAAAHpU3AOLYJuuleA63N2IpMsINglf&lang=en GET /challenge?k=6LffawIAAAAAAHpU3AOLYJuuleA63N2IpMsINglf&lang=en HTTP/1.1 Host: api-secure.recaptcha.net <snip> https://api-secure.recaptcha.net/js/recaptcha.js GET /js/recaptcha.js HTTP/1.1 Host: api-secure.recaptcha.net <snip> https://api-secure.recaptcha.net/image?c=02DrWNweRrx3W4bLVIY1gziNULFOezAT9WTMAFbSBVvhP2D_ZVxdXiVfRI_QyEpy_9Rh4DiHMnaS6Mfms1empwodbvu0--b1sU4Axn8HmXkD1vIGKK8e3JbZXgTceHFSftgpokXzLtr-WM2KP8D7TvLJHdNHd3Dh7Ygv9kGrQllZGdAW12TTJ4w-ojSbId9nR8zbtRbJlBOA3cclh7AyxlT6x-oiI7nu4IZFXxw1s43PXFtFjwAwMD GET /image?c=02DrWNweRrx3W4bLVIY1gziNULFOezAT9WTMAFbSBVvhP2D_ZVxdXiVfRI_QyEpy_9Rh4DiHMnaS6Mfms1empwodbvu0--b1sU4Axn8HmXkD1vIGKK8e3JbZXgTceHFSftgpokXzLtr-WM2KP8D7TvLJHdNHd3Dh7Ygv9kGrQllZGdAW12TTJ4w-ojSbId9nR8zbtRbJlBOA3cclh7AyxlT6x-oiI7nu4IZFXxw1s43PXFtFjwAwMD HTTP/1.1 Host: api-secure.recaptcha.net Verified FIXED on https://preview.addons.mozilla.org/en-US/firefox/users/register
Status: RESOLVED → VERIFIED
Keywords: push-needed
Product: addons.mozilla.org → addons.mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: