Bug #9389

Use https links to avoid mixed content warnings from browsers

Added by Jesús García Crespo over 4 years ago. Updated over 4 years ago.

Status:VerifiedStart date:02/01/2016
Priority:MediumDue date:
Assignee:Mike Gale% Done:

0%

Category:Security
Target version:Release 2.2.1
Google Code Legacy ID: Tested version:2.2, 2.3
Sponsored:No Requires documentation:

History

#2 Updated by Jesús García Crespo over 4 years ago

  • Status changed from New to QA/Review
  • Assignee changed from Jesús García Crespo to Dan Gillean

This is in qa/2.3.x. If we can verify this we should probably backport to stable/2.2.x right?

#3 Updated by David Hume over 4 years ago

Have deployed Jesus' code changes. We recently discovered when that, when logged in on a site with SSL security setting activated, virtually any page went to (including administrative ones like "Settings") the green padlock indicating the site was fully secure had the extra symbol (roughly "/!\" in Firefox e.g.) that indicated "mixed content" (not fully secure). Probably due to references hidden on the page to non-secure URLs like

Qubit.updateCheck.url = 'http://www.accesstomemory.org/check/v2/';
         etc.

which have now been pointed to https since those reference sites support that.

If fixed, should not see any indication of "mixed content", just a clean padlock on each page.

Need any clarifications Dan, just let me know.

- David H.

#4 Updated by Dan Gillean over 4 years ago

  • Status changed from QA/Review to Verified

Spent a bunch of time checking it out, all came back looking good!

#5 Updated by Dan Gillean over 4 years ago

  • Status changed from Verified to In progress
  • Assignee changed from Dan Gillean to Jesús García Crespo

Assigning back to JGC for back-porting to stable/2.2.x

#6 Updated by Mike Gale over 4 years ago

  • Status changed from In progress to Verified
  • Assignee changed from Jesús García Crespo to Mike Gale

I've back ported this to 2.2.x.

Also available in: Atom PDF