Last modified: 2013-06-06 01:50:51 UTC
The link to the Asirra clientscript is hardcoded as http://. This causes mixed content warnings in internet explorer when viewed over a secure https:// connection and the CAPTCHA does not display. This can be fixed by modifying line 8 of Asirra.class.php from this: public $asirra_clientscript = 'http://challenge.asirra.com/js/AsirraClientSide.js'; to this: public $asirra_clientscript = '//challenge.asirra.com/js/AsirraClientSide.js';
Related URL: https://gerrit.wikimedia.org/r/62186 (Gerrit Change Id31041b90f66e384f9e8caf1c247774e0c6b44e5)
Firefox accepts the SSL cert for https://challenge.asirra.com/js/AsirraClientSide.js, but Chromium does not, so I'm not sure we should merge this. It is signed by what seems to be an obscure SSL issuer, "MSIT Machine Auth CA 2". I emailed them to ask if it's possible for them to switch to a more compatible one.
Certificate checkers (e.g. https://www.digicert.com/help/ ) also indicate the root is not trusted.
They replied to my email last week (sorry I forgot to update this), and after some troubleshooting, we tracked down a possible cause. They are investigating if they can fix it on their end so https://challenge.asirra.com/js/AsirraClientSide.js has valid SSL.
They were able to fix it, so this is ready for review.
Merged