Last modified: 2013-07-04 10:34:31 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T45015, the corresponding Phabricator task for complete and up-to-date bug report information.
First Last Prev Next    This bug is not in your last search results.
Bug 43015 - Parsoid gives VisualEditor insecure content when using HTTPS (should use protocol-relative URLs)
Parsoid gives VisualEditor insecure content when using HTTPS (should use prot...
Status: RESOLVED FIXED
Product: Parsoid
Classification: Unclassified
General (Other open bugs)
unspecified
All All
: High major
: ---
Assigned To: Inez Korczyński
:
: 49283 49984 (view as bug list)
Depends on: 42976
Blocks:
  Show dependency treegraph
 
Reported: 2012-12-12 15:46 UTC by MZMcBride
Modified: 2013-07-04 10:34 UTC (History)
10 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description MZMcBride 2012-12-12 15:46:32 UTC 
When I go to <https://en.wikipedia.org/wiki/User:Trevor_Parscal> and click the "visualeditor" tab, my browser console says:

---
The page at https://en.wikipedia.org/wiki/User:Trevor_Parscal displayed insecure content from http://en.wikipedia.org/w?title=Special:FilePath/California_Bay_Area_county_map.svg&width=.
---

Consequently, the pretty green lock icon in Google Chrome turns yellow.
Comment 1 Roan Kattouw 2012-12-12 19:03:46 UTC 
Upstream Parsoid bug: bug 42976
Comment 2 MZMcBride 2012-12-14 01:37:58 UTC 
Fixed by <https://gerrit.wikimedia.org/r/38673>.
Comment 3 James Forrester 2013-01-07 17:15:34 UTC 
Tagging with deploy-train cycle.
Comment 4 Erik Moeller 2013-06-18 04:50:45 UTC 
I am getting this issue, on the test page referenced in the bug and others, again. The URLs do not contain Special:FilePath anymore, so perhaps something was changed about  how images are handled that introduced a regression? Reopening this bug since the issue appears to be essentially the same.
Comment 6 James Forrester 2013-06-18 17:25:50 UTC 
*** Bug 49283 has been marked as a duplicate of this bug. ***
Comment 7 Roan Kattouw 2013-06-18 19:22:22 UTC 
This seems to have been unfixed in production.

Strangely, parsoid.wmflabs.org is now giving me https URLs for images.
Comment 8 Roan Kattouw 2013-06-19 00:52:16 UTC 
(In reply to comment #7)
> This seems to have been unfixed in production.
> 
Specifically, Parsoid is now once again returning http:// URLs for images (except in labs, where it returns https:// URLs). MZ submitted a fix in December to make these URLs protocol-relative, but this seems to have been unfixed somehow.

Perhaps the repository URL is being grabbed from the API? That would explain why it's now a fully qualified URL, and it might explain the difference between labs and production.
Comment 9 James Forrester 2013-06-19 00:57:09 UTC 
Per Roan's comments, moving to Parsoid so they can fix.
Comment 10 Gabriel Wicke 2013-06-19 01:04:03 UTC 
We used to use a special page redirect hack, but now use the API to properly retrieve image information including the path. So the new code needs to implement some similar protocol-relative massaging for image URLs, at least for the domains we know to support both http and https.
Comment 11 James Forrester 2013-06-21 22:50:05 UTC 
*** Bug 49984 has been marked as a duplicate of this bug. ***
Comment 12 Gerrit Notification Bot 2013-06-24 23:11:02 UTC 
Related URL: https://gerrit.wikimedia.org/r/70344 (Gerrit Change I253b9b7a9b463439e86d7cf7975cd92f9c851e70)
Comment 13 Gerrit Notification Bot 2013-06-24 23:38:20 UTC 
Related URL: https://gerrit.wikimedia.org/r/70348 (Gerrit Change Ied95c87fda13dbea2b8c46ad1e96fde1c50c1517)
Comment 14 Gerrit Notification Bot 2013-06-25 00:13:44 UTC 
https://gerrit.wikimedia.org/r/70348 (Gerrit Change Ied95c87fda13dbea2b8c46ad1e96fde1c50c1517) | change APPROVED and MERGED [by jenkins-bot]
Comment 15 Gabriel Wicke 2013-06-25 00:20:34 UTC 
The fix will go out with tomorrow's Parsoid deployment.
Comment 16 Gerrit Notification Bot 2013-06-25 00:20:34 UTC 
https://gerrit.wikimedia.org/r/70344 (Gerrit Change I253b9b7a9b463439e86d7cf7975cd92f9c851e70) | change APPROVED and MERGED [by jenkins-bot]
Comment 17 Andre Klapper 2013-07-04 10:34:31 UTC 
[Parsoid component reorg by merging JS/General and General. See bug 50685 for more information. Filter bugmail on this comment. parsoidreorg20130704]
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.

Navigation
Links