Support HTTPS requests to expath.org

[joewiz]

HTTPS requests to https://expath.org return warnings like:

This server could not prove that it is expath.org; its security certificate is from cloud.fgeorges.org. This may be caused by a misconfiguration or an attacker intercepting your connection.

Certificate for <expath.org> doesn't match any of the subject alternative names: [cloud.fgeorges.org]

Would it be possible to adjust the configuration for the expath.org server to support HTTPS requests?

[ChristianGruen]

Hi @fgeorges, are you still around?

[fgeorges]

Hi @ChristianGruen. Thanks for the reminder. This issue is actually fixed, but I never closed it. Thank you, @joewiz for reporting it.

[ChristianGruen]

Thanks, Florent, great to hear from you.

I've decided to reopen the issue as various pages are not correctly displayed. See e.g. https://expath.org/spec/file

Do you think this could be fixed?

[fgeorges]

Ah, missed that (always used the HTTP version.) The problem is that the specs, maintained at https://github.com/expath/expath-cg/, are not ready to be served as HTTPS. In particular, the file https://github.com/expath/expath-cg/blob/master/specs/file/file-1.0.html (and probably the other versions as well as the other specs, but this is the one corresponding to the URL you pasted,) that files includes a link to http://www.w3.org/StyleSheets/TR/base.css.

The browser rejects it, it does not want to load a CSS file through HTTP from a page under HTTPS. It can be changed to //www.w3.org/StyleSheets/TR/base.css instead (by removing the scheme altogether,) then it should work (unless there is another such case, but I didn't see any.)

Can you do it, as the editor of the "File" spec?

[ChristianGruen]

Ah, missed that (always used the HTTP version.) The problem is that the specs, maintained at https://github.com/expath/expath-cg/, are not ready to be served as HTTPS. In particular, the file https://github.com/expath/expath-cg/blob/master/specs/file/file-1.0.html (and probably the other versions as well as the other specs, but this is the one corresponding to the URL you pasted,) that files includes a link to http://www.w3.org/StyleSheets/TR/base.css.

The browser rejects it, it does not want to load a CSS file through HTTP from a page under HTTPS. It can be changed to //www.w3.org/StyleSheets/TR/base.css instead (by removing the scheme altogether,) then it should work (unless there is another such case, but I didn't see any.)

Can you do it, as the editor of the "File" spec?

Thanks for the hint. I have fixed the URLs of the File Module and the .xsl files in expath/expath-cg#137, do you think it can be merged?

As it will be difficult to reach the editors of all other specs, can we possibly globally replace all affected URLs in the repository?

[ChristianGruen]

Hi @fgeorges, could you please give me an update if the PR can be merged? Thanks in advance!

[ChristianGruen]

@fgeorges Sorry to be pushy, but how can we take this further?

[joewiz]

I came across an affected page today: https://expath.org/spec/pkg.

I would love to be able to read the text on these pages and share links with people who would find their content readable.

@fgeorges I see that @ChristianGruen has prepared a PR that addresses this. If it's not too much trouble, could this be merged and applied to the expath.org server? Thank you!

[joewiz]

p.s. To illustrate the issue, here is how the page looks when visiting https://expath.org/spec/pkg: