Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Only use https links in HTML #401

Open
2 of 5 tasks
acka47 opened this issue Jul 11, 2019 · 8 comments
Open
2 of 5 tasks

Only use https links in HTML #401

acka47 opened this issue Jul 11, 2019 · 8 comments
Assignees
@fsteeg @acka47

Comments

@acka47
Copy link
Contributor

acka47 commented Jul 11, 2019
edited by dr0i
Loading

As switching to https everywhere with #352 wasn't a good idea, we should at least only use https links in the HTML (and maybe add redirects for lobid.org, lobid.org/resources, lobid.org/gnd and lobid.org/organisations) so that at least browsers have https everywhere.

[Edit: As I misunderstood how the pages currently work (i.e. with relative links), this issue comment was completely bogus at first. It's better now.]

Currently all three services use relative links, i.e. when you are on a http page the links are http, on a https page, the links are https. It would be great to enforce https links everywhere, even if you are starting on a http page.

  • Also, on the team page (even with https) we should use https links to the member pages.
  • lobid
  • lobid-organisations
  • lobid-resources
  • In lobid-gnd, besides the internal links, it also uses some http links to external vocabularies (Sachgruppen, Geschlecht and Ländercodes) and EntityFacts. I don't know whether we have to fix that.

Please open separate issues in the corresponding repos if needed.
@acka47 acka47 mentioned this issue Jul 11, 2019
Closed
@dr0i
Copy link
Member

dr0i commented Jul 11, 2019
edited
Loading

Also, on the team page (even with https) we should use https links to the member pages

yeah, but that means to have https enabled domains. E.g. mine isn't. And now to just link to them using https result in a SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE and in newer browser you cannot ignore that, meaning you can't lookup the page.

@dr0i
Copy link
Member

dr0i commented Jul 11, 2019

The solution for the team-page, to have get a green secure lobid page, would be in not embedding pictures taken from http-domains but e.g. to copy the pictures locally and serve them from there.

@acka47
Copy link
Contributor Author

acka47 commented Jul 11, 2019

I was just talking about the links from the team page to the individual profiles. They are always http.

dr0i added a commit that referenced this issue Oct 7, 2019
@dr0i
Use https instead of http where appropriate
37a47f9 
Not all links are already https enabled. Those who are should be used, though.

See #401.
@dr0i dr0i mentioned this issue Oct 7, 2019
Merged
@dr0i dr0i self-assigned this Oct 7, 2019
dr0i added a commit that referenced this issue Oct 7, 2019
@dr0i
Use https instead of http where appropriate
7db2dcd 
This changes the landing page, bot german and English version.
Not all links are already https enabled. Those who are should be used, though.

See #401.
@dr0i
Copy link
Member

dr0i commented Oct 7, 2019

@fsteeg I think the landing pages of resources, organisations and gnd are treated via their play app instances, yes? Then we shall open issues in the respected repos, like @acka47 said.

@dr0i dr0i assigned fsteeg and unassigned dr0i Oct 7, 2019
@acka47
Copy link
Contributor Author

acka47 commented Oct 30, 2019

Currently, the "language" icon (🌎) and the "information" icon (🛈) are broken in both chrome and firefox when viewing the non-https version, see http://lobid.org/. This would be solved when using https everywhere for this page (and for the landing apges of the three services).

@acka47
Copy link
Contributor Author

acka47 commented Oct 30, 2019

I think we should solve this issue with a redirect (https only) for the landing pages of lobid, team and the three services.

@dr0i
Copy link
Member

dr0i commented Nov 5, 2019

Re "icons": these were fixed by setting the CORS header. @acka47 please ack.

@acka47
Copy link
Contributor Author

acka47 commented Nov 5, 2019

Re "icons": these were fixed by setting the CORS header. @acka47 please ack.

+1

@dr0i dr0i removed their assignment Nov 5, 2019
@rettinghaus rettinghaus mentioned this issue Feb 19, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@fsteeg fsteeg

@acka47 acka47

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@fsteeg @acka47 @dr0i