Last modified: 2014-03-10 17:45:32 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T64488, the corresponding Phabricator task for complete and up-to-date bug report information.
First Last Prev Next    This bug is not in your last search results.
Bug 62488 - Wikimedia blog has unsecured elements on https
Wikimedia blog has unsecured elements on https
Status: RESOLVED INVALID
Product: Wikimedia
Classification: Unclassified
Blog (Other open bugs)
wmf-deployment
All All
: Unprioritized normal (vote)
: ---
Assigned To: Nobody - You can work on this!
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2014-03-10 16:01 UTC by Techman224
Modified: 2014-03-10 17:45 UTC (History)
1 user (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Techman224 2014-03-10 16:01:00 UTC 
When I access the Wikimedia blog on https, I get a warning on chrome that it contains unsecured elements, which means the site isn't completely secure. They need to be found and made secure.
Comment 1 Liangent 2014-03-10 16:31:18 UTC 
One is the information button of "For versions in other languages, please check the wiki version of this report, or add your own translation there!", and another is "‘Tofu’ Detection". Both are from blog content instead of the software.
Comment 2 Techman224 2014-03-10 17:31:16 UTC 
Take a look at the pictures, looking at my console I getting,

The page at 'https://blog.wikimedia.org/' was loaded over HTTPS, but displayed insecure content from 'http://upload.wikimedia.org/wikipedia/commons/7/7d/ULS-WebFonts-Workflow-Diagram.png': this content should also be loaded over HTTPS.
 blog.wikimedia.org/:1

The page at 'https://blog.wikimedia.org/' was loaded over HTTPS, but displayed insecure content from 'http://upload.wikimedia.org/wikipedia/commons/7/7d/ULS-WebFonts-Workflow-Diagram.png': this content should also be loaded over HTTPS.
 blog.wikimedia.org/:177

The page at 'https://blog.wikimedia.org/' was loaded over HTTPS, but displayed insecure content from 'http://upload.wikimedia.org/wikipedia/commons/thumb/3/35/Information_icon.svg/32px-Information_icon.svg.png': this content should also be loaded over HTTPS.

It's the images that are causing the warnings, they should be loaded with https, not http.
Comment 3 Liangent 2014-03-10 17:45:32 UTC 
(In reply to Techman224 from comment #2)
> Take a look at the pictures, looking at my console I getting,
> 
> The page at 'https://blog.wikimedia.org/' was loaded over HTTPS, but
> displayed insecure content from
> 'http://upload.wikimedia.org/wikipedia/commons/7/7d/ULS-WebFonts-Workflow-
> Diagram.png': this content should also be loaded over HTTPS.
>  blog.wikimedia.org/:1
> 
> The page at 'https://blog.wikimedia.org/' was loaded over HTTPS, but
> displayed insecure content from
> 'http://upload.wikimedia.org/wikipedia/commons/7/7d/ULS-WebFonts-Workflow-
> Diagram.png': this content should also be loaded over HTTPS.
>  blog.wikimedia.org/:177
> 
> The page at 'https://blog.wikimedia.org/' was loaded over HTTPS, but
> displayed insecure content from
> 'http://upload.wikimedia.org/wikipedia/commons/thumb/3/35/Information_icon.
> svg/32px-Information_icon.svg.png': this content should also be loaded over
> HTTPS.
> 
> It's the images that are causing the warnings, they should be loaded with
> https, not http.

This is like what happens when a sysop puts importScriptURI("http://bits.wikimedia.org/...") in MediaWiki:Common.js. There's nothing that can be done from developer or sysadmin side. Ask blog post writers to fix them.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.

Navigation
Links