Closed Bug 667367 Opened 14 years ago Closed 14 years ago

UTest Bug ID: 180361 - Security message about https://webifyme-dev.allizom.org/en-US/ from Chrome

Categories

(Websites :: webifyme.org, defect)

Product:
Websites
Component:
webifyme.org
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: webqa.utest, Assigned: brez)

References

Details

Attachments

(1 file)

SecurityMessage.png
129.64 KB, image/png
Details
Attached image SecurityMessage.png
PC WinXP, Home edition, Version 5.1.2600, SP3 Build 2600 Russia Chrome 10.0.648.205 https://webifyme-dev.allizom.org/en-US/ 1. Open https://webifyme-dev.allizom.org/en-US/ in Chrome. 2. Click on lock icone near to URL Expected: There is should be no warning messages there. Actual: There is the warning message there: "... These can be viewed by others while in transit, and can be modified by an attacker..."
Status: NEW → UNCONFIRMED
Ever confirmed: false
Assignee: nobody → krupa.mozbugs
This is most likely caused by the Tweet Button not supporting HTTPS. One option is to use the Create your own Tweet Button approach instead of Twitter's code snippet. More info here: http://dev.twitter.com/pages/tweet_button_faq#https
William is correct. Twitter doesn't yet serve up their buttons via HTTPS. HTTPS is enabled, but the certificate is not signed so it will throw errors on some browsers. The easiest and quickest option is to get rid of the Twitter incrementing counter and just put a twitter button hosted locally and link it to something like: https://twitter.com/share?url=https://webifyme.org&via=Mozilla&text=What does your unique Web look like? Locally hosting the image and the JavaScript to get the counter is a lot more work and personally I don't think the extra effort. A local hosted twitter icon replacing the iframe with a link like above is "good enough". William: thoughts? If this is what we want, I would assign it back to Brez.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Anyone? I would recommend just having a simple twitter button and not use their iframe. This would also be the quickest change given our timeline to launch.
The twitter iframe is not working at all, because it is set to src="https://..." and twitter has not signed their SSL certificate. Changing it to http:// will make it work in Firefox, but it will throw security errors in IE and Chrome because of the mixed protocols. We have two options: 1) Change it to http and deal with the non-firefox security errors 2) Change it to a regular twitter button with a local image that will not auto increment.
Assignee: krupa.mozbugs → jbresnik
The facebook iframe is set to http thus it will also probably throw security errors in Chrome for the same reason.
We need someone to chose a direction so Brez can address this bug.
Assignee: jbresnik → williamr
Brez: please go with option 1 in comment 4.
Assignee: williamr → jbresnik
All set: https://github.com/mozilla/webifyme/commit/0b3e16dce61c79cf919eb5ec2420dd5943438598
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Brez: Does the twitter share button still show up blank when you view -dev? It does for me and the auto-generated iframe is set to https even though you said the anchor link to http in github.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Brez: here is a fix for it: http://dev.the6hours.com/wrong-certificate-for-platform0twittercom It looks like twitter is trying to be a bit too smart. They are checking to see if the website is https and using the https iframe button, but that one doesn't have a signed certificate.
All set https://github.com/mozilla/webifyme/commit/ebab1f4acac10e9754470eb11dd7f6eba775e349
Status: REOPENED → RESOLVED
Closed: 14 years ago14 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: