Last modified: 2011-11-22 21:15:55 UTC
While loading https://www.mediawiki.org/wiki/Special:Code/MediaWiki/91123 I found that some sort of "mobile user survey" banner displayed in the sitenotice area, and a mixed-content warning popped up in my browser indicating something was loaded over unencrypted HTTP. I popped open Firebug to check the network panel to find the culprit and reloaded to populate it, but the banner disappeared and hasn't reappeared so can't confirm it just yet.
The offending image seems to be http://bits.wikimedia.org/skins-1.17/common/images/closewindow.png Here's the banner-loader output that triggers: insertBanner({"bannerName":"2011MobileReaders","bannerHtml":"<style type=\"text\/css\">\n\n#centralNotice.collapsed #mobileSurvey2011 {\n display: none;\n }\n\n#mobileSurvey2011 {\n position: relative;\n overflow: hidden;\n margin-bottom: 0.5em !important;\n background-color: #d7e4fa;\n background-repeat: repeat-x;\n border: solid 1px #a7d7f9; \n display: none;\n}\n\n#mobileSurvey2011-content {\n position:relative;\n padding: 30px 80px;\n text-align: center;\n}\n\n#mobileSurvey2011-logo {\n position: absolute;\n top: 20px;\n left: 25px;\n background-image: url(http:\/\/upload.wikimedia.org\/wikipedia\/commons\/thumb\/1\/12\/Wikimedia_logo_text_RGB.svg\/60px-Wikimedia_logo_text_RGB.svg.png);\n height: 60px;\n width: 60px;\n background-repeat: no-repeat;\n}\n\n#mobileSurvey2011 #cn-toggle-box {\n position: absolute;\n z-index: 98;\n top: 5px;\n right: 5px;\n }\n<\/style>\n\n<div id=\"mobileSurvey2011\">\n <div id=\"mobileSurvey2011-logo\"> <\/div>\n <div id=\"mobileSurvey2011-content\">\n <span style=\"font-size: 1.3em;\">Please take the <a class=\"variable_lp\" href=\"#\">2011 Wikipedia Mobile Readers Survey<\/a>.<\/span><br \/>\n <span style=\"font-style: italic; font-size: 0.9em;\">Share your experiences and improve mobile Wikipedia.<\/span>\n <\/div>\n <div id=\"cn-toggle-box\">\n <a href=\"#\" onclick=\"toggleNotice();$('#mobileSurvey2011').hide();return false;\"><img border=\"0\" src=\"http:\/\/bits.wikimedia.org\/skins-1.17\/common\/images\/closewindow.png\" alt=\"Close\" \/><\/a>\n <\/div>\n\n<\/div>\n<script type=\"text\/javascript\">\n\/\/include throttle\nvar throttle = 5;\nvar throttleVal = Math.floor(Math.random() * throttle);\nif (throttleVal == 0 ) {\n $('#mobileSurvey2011').show();\n $('head').append('<link rel=\"stylesheet\" href=\"http:\/\/wikimediafoundation.org\/tracker\/bannerImpression.php?req=css&surveyView=1 \" type=\"text\/css\" \/>');\n var url = 'http:\/\/wikimedia.limequery.org\/52291\/lang-'+wgUserLanguage;\n $(\"#mobileSurvey2011 a.variable_lp\").attr(\"href\",url);\n\n}\n<\/script>","campaign":"Mobile Readers Survey","fundraising":"0","landingPages":""});
These seem to be the offending banners: http://meta.wikimedia.org/w/index.php?title=Special:CentralNotice&method=listNoticeDetail¬ice=Mobile+Readers+Survey http://meta.wikimedia.org/w/index.php?title=Special:NoticeTemplate/view&template=2011MobileReaders_anon
I added a note on [[meta:Help:CentralNotice]] recommending use of protocol-relative URLs for images. https://meta.wikimedia.org/wiki/Help:CentralNotice#Images
Now that you've posted the note, is there anything else to do?
Yeah that banner needs to be fixed!
Internet Explorer 9 debugging tools reports the "HTTPS compromised security" error message for the following 2 files : http://bits.wikimedia.org/skins-1.17/common/images/closewindow.png http://wikimediafoundation.org/tracker/banner/Impression.php?req=css&surveyView=1 It need to be fixed by using protocol relative URLs, by removing the http prefix: //bits.wikimedia.org/skins-1.17/common/images/closewindow.png //wikimediafoundation.org/tracker/banner/Impression.php?req=css&surveyView=1
Assigning to Tomasz, he'll know who to poke. :)
Appropriate changes made to banner
(In reply to comment #8) > Appropriate changes made to banner Thanks for taking care of it so quick Nimish.
I still cannot see changes. The http: prefix is still present in 2 templates used by the banner (6 occurrences) : 4 occurrences of http: in https://meta.wikimedia.org/w/index.php?title=Special:NoticeTemplate/view&template=2011MobileReaders_anon ... #mobileSurvey2011-logo { position: absolute; top: 20px; left: 25px; /** vvvvv-HERE **/ background-image: url(http://upload.wikimedia.org/wikipedia/commons/thumb/1/12/Wikimedia_logo_text_RGB.svg/60px-Wikimedia_logo_text_RGB.svg.png); ... <div id="mobileSurvey2011"> <div id="mobileSurvey2011-logo"> </div> <div id="mobileSurvey2011-content"> <span style="font-size: 1.3em;">{{{please-take}}}</span><br /> <span style="font-style: italic; font-size: 0.9em;">{{{share}}}</span> </div> <div id="cn-toggle-box"> <!-- vvvvv-HERE --> <a href="#" onclick="toggleNotice();$('#mobileSurvey2011').hide();return false;"><img border="0" src="http://bits.wikimedia.org/skins-1.17/common/images/closewindow.png" alt="Close" /></a> ... <script type="text/javascript"> //include throttle var throttle = 5; var throttleVal = Math.floor(Math.random() * throttle); if (throttleVal == 0 ) { $('#mobileSurvey2011').show(); /* vvvvv-HERE */ $('head').append('<link rel="stylesheet" href="http://wikimediafoundation.org/tracker/bannerImpression.php?req=css&surveyView=1 " type="text/css" />'); /* vvvvv-HERE */ var url = 'http://wikimedia.limequery.org/52291/lang-'+wgUserLanguage; ... 2 occurrences of http: in https://meta.wikimedia.org/w/index.php?title=Special:NoticeTemplate/view&template=2011MobileReaders ... #mobileSurvey2011-logo { position: absolute; top: 20px; left: 25px; /* vvvvv-HERE */ background-image: url(http://upload.wikimedia.org/wikipedia/commons/thumb/1/12/Wikimedia_logo_text_RGB.svg/60px-Wikimedia_logo_text_RGB.svg.png); height: 60px; width: 60px; background-repeat: no-repeat; } ... <script type="text/javascript"> //include throttle var throttle = 3; var throttleVal = Math.floor(Math.random() * throttle); if (throttleVal == 0 ) { $('#mobileSurvey2011').show(); $('head').append('<link rel="stylesheet" href="//wikimediafoundation.org/tracker/bannerImpression.php?req=css&surveyView=1 " type="text/css" />'); /* vvvvv-HERE */ var url = 'http://wikimedia.limequery.org/52291/lang-'+wgUserLanguage; $("#mobileSurvey2011 a.variable_lp").attr("href",url); ...
And still many occurrence of http: in https://meta.wikimedia.org/w/index.php?title=Special:NoticeTemplate/view&template=WCI_Registration
No one seems to react quickly...
All sorts of randomness was broken on this...all the URLs should be relative on those two active campaigns.
Some http: still exists in https://meta.wikimedia.org/w/index.php?title=Special:NoticeTemplate/view&template=2011MobileReaders_anon Thanks for resolution on other messages.
That banner has several issues with it and should not be used at all...I've intentionally blanked it so if it does get turned on by mistake it doesn't cause any problems.
Thanks again for resolution.
New global banners -> The problem come back. I request that everybody creating any global banner knows that http: prefix should be removed from any URL pointer to Wikimedia server. URL should be protocol relative in links, resource locations, script locations, ...
The banners I'm currently seeing logged out on https://en.wikipedia.org/ do not appear to include any non-SSL resources. (I'm seeing two Jimmy banners, no mobile user survey banners.) Can you copy-paste the target link from any triggering banners you're still seeing?
I can see it on commons (not logged in because I closed banner under my account). When on https://commons.wikimedia.org The image is http://upload.wikimedia.org/wikipedia/foundation/7/73/Jimmy_jacket_forest.png The link is https://wikimediafoundation.org/wiki/Special:LandingCheck?landing_page=L11_1114_FR_Jimmy&utm_medium=sitenotice&utm_campaign=C11_1114_WMFR&utm_source=B11_1114_Foundation_WMFR_JimmyGreen&language=en&country=FR But the problem is not to correct banner but to inform banner creators. Otherwise this bug will be reopened for each new banner.
Hrmmmmm well I don't see *any* fundraising banners on Commons, even logged out. Maybe they're flipping them on and off... where might they be hiding...
Ahh this should be a perfect place to find all offending banners: https://meta.wikimedia.org/wiki/Special:NoticeTemplate
Guilty party: https://meta.wikimedia.org/w/index.php?title=Special:NoticeTemplate/view&template=B11_1114_Foundation_WMFR_JimmyGreen_altbutton also: https://meta.wikimedia.org/w/index.php?title=Special:NoticeTemplate/view&template=WMDE_Nov15_B11 https://meta.wikimedia.org/w/index.php?title=Special:NoticeTemplate/view&template=WMDE_Nov15_0921
I don't know who are allowed to create banners. But authors should be informed about using protocol relative URLs.
The documentation already says that: https://meta.wikimedia.org/wiki/Help:CentralNotice#Images The problem ain't updating the documentation, it's finding how to contact whoever's maintaining them so they remember to actually follow it. :)
Found folks in #wikimedia-fundraising IRC channel who can help clean them up; apparently these are chapter fundraising banners, not from the WMF team, but they can clean them up and make sure info gets out.
Finding authors and their contributions in banners in not as easy as wiki pages. Thanks for resolving the problem.
The three linked above have been fixed; there are a bunch more: [15:47] <brion> https://meta.wikimedia.org/w/index.php?title=Special:NoticeTemplate/view&template=B11_1114_Thermo <- this one's got some too (the termometer images) [15:47] <brion> https://meta.wikimedia.org/w/index.php?title=Special:NoticeTemplate/view&template=B11_1114_Foundation_WMFR_JimmyGreen <- this one with Jimmy_jacket_forest.png again [15:48] <brion> https://meta.wikimedia.org/w/index.php?title=Special:NoticeTemplate/view&template=B11_1114_JKwfCf_US <- and this [15:48] <brion> https://meta.wikimedia.org/w/index.php?title=Special:NoticeTemplate/view&template=B11_1114_JKwfSM_US <- and this [15:48] <brion> https://meta.wikimedia.org/w/index.php?title=Special:NoticeTemplate/view&template=WMDE_Nov14_0921 [15:49] <brion> https://meta.wikimedia.org/w/index.php?title=Special:NoticeTemplate/view&template=B11_1114_btJKwF_FFFv0F0_US [15:49] <brion> https://meta.wikimedia.org/w/index.php?title=Special:NoticeTemplate/view&template=B11_1114_JKwMf_US [15:49] <PhancyPhysicist> brion: someone has been bad! [15:49] <brion> https://meta.wikimedia.org/w/index.php?title=Special:NoticeTemplate/view&template=B11_1113_btJKwF2_US [15:49] <brion> https://meta.wikimedia.org/w/index.php?title=Special:NoticeTemplate/view&template=B11_1113_btJKwF30M_US [15:49] <brion> https://meta.wikimedia.org/w/index.php?title=Special:NoticeTemplate/view&template=B11_1113_btJKwF_US [15:50] <brion> https://meta.wikimedia.org/w/index.php?title=Special:NoticeTemplate/view&template=B11_1113_btBFwP_US [15:50] <brion> https://meta.wikimedia.org/w/index.php?title=Special:NoticeTemplate/view&template=B11_1113_bt1_US [15:51] <brion> https://meta.wikimedia.org/w/index.php?title=Special:NoticeTemplate/view&template=WMDE_2011_Nov11_b [15:51] <brion> https://meta.wikimedia.org/w/index.php?title=Special:NoticeTemplate/view&template=WMDE_2011_Nov11_a [15:51] <brion> https://meta.wikimedia.org/w/index.php?title=Special:NoticeTemplate/view&template=B11_Donate_Jimmy_Thermo [15:52] <pgehres> brion: wow. I happen to know who created most of those banners and will mention it to them [15:52] <brion> thanks :) [15:52] <pgehres> np [15:52] <pgehres> If you're curious, read the CN logs...
Patricia Pena is going to send a reminder to people who create these banners. Please create a new bug if the problem pops up again.