Last modified: 2011-09-29 21:41:27 UTC
The current reCAPTCHA module in ConfirmEdit does not support loading the CAPTCHA via HTTPS. This will cause "insecure content loaded" warnings when browsing on an HTTPS-enabled wiki. To get support for this, two changes are needed: * Update recaptchalib.php to the current version as provided by Google. The bundled version in ConfirmEdit still has the old host names, while Google uses google.com, especially for the HTTPS service. There are redirects in place, but they might cause certificate warnings. * Use a HTTPS url when the wiki request itself was made via HTTPS as well. I'll attach patches for both.
Created attachment 9124 [details] Updates recaptchalib.php to the most recent version provided by Google
Created attachment 9125 [details] Enables HTTPS support when requesting the CAPTCHA
Nice catch, thanks! Applied on trunk in r98461, REL1_18 in r98465. I don't think we have it enabled on our own production wikis, so not worrying about 1.18wmf1 tweaks atm. ReCaptcha isn't in the 1.17 version of ConfirmEdit, but in case the 1.18 or trunk versions get used on 1.17 and are otherwise compatible I've replaced the WebRequest::detectProtocol() call with a direct check on $_SERVER['HTTPS']. Confirmed that this resolves mixed-content security errors on captcha display on one of my sites when run over https. Yay!