Last modified: 2013-06-06 01:50:51 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T42631, the corresponding Phabricator task for complete and up-to-date bug report information.
First Last Prev Next    This bug is not in your last search results.
Bug 40631 - Asirra link hardcoded as http, caused mixed content warnings when used over https
Asirra link hardcoded as http, caused mixed content warnings when used over h...
Status: RESOLVED FIXED
Product: MediaWiki extensions
Classification: Unclassified
ConfirmEdit (CAPTCHA extension) (Other open bugs)
master
All All
: Low minor (vote)
: ---
Assigned To: Matthew Flaschen
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2012-09-29 23:14 UTC by Jacob Lesser
Modified: 2013-06-06 01:50 UTC (History)
3 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Jacob Lesser 2012-09-29 23:14:41 UTC 
The link to the Asirra clientscript is hardcoded as http://.  This causes mixed content warnings in internet explorer when viewed over a secure https:// connection and the CAPTCHA does not display.  This can be fixed by modifying line 8 of Asirra.class.php from this:

public $asirra_clientscript = 'http://challenge.asirra.com/js/AsirraClientSide.js';

to this:

public $asirra_clientscript = '//challenge.asirra.com/js/AsirraClientSide.js';
Comment 1 Gerrit Notification Bot 2013-05-03 19:46:10 UTC 
Related URL: https://gerrit.wikimedia.org/r/62186 (Gerrit Change Id31041b90f66e384f9e8caf1c247774e0c6b44e5)
Comment 2 Matthew Flaschen 2013-05-03 19:53:53 UTC 
Firefox accepts the SSL cert for https://challenge.asirra.com/js/AsirraClientSide.js, but Chromium does not, so I'm not sure we should merge this.

It is signed by what seems to be an obscure SSL issuer, "MSIT Machine Auth CA 2".

I emailed them to ask if it's possible for them to switch to a more compatible one.
Comment 3 Matthew Flaschen 2013-05-03 20:03:09 UTC 
Certificate checkers (e.g. https://www.digicert.com/help/ ) also indicate the root is not trusted.
Comment 4 Matthew Flaschen 2013-05-14 01:40:31 UTC 
They replied to my email last week (sorry I forgot to update this), and after some troubleshooting, we tracked down a possible cause.  They are investigating if they can fix it on their end so https://challenge.asirra.com/js/AsirraClientSide.js has valid SSL.
Comment 5 Matthew Flaschen 2013-06-05 21:51:00 UTC 
They were able to fix it, so this is ready for review.
Comment 6 Matthew Flaschen 2013-06-06 01:50:51 UTC 
Merged
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.

Navigation
Links