Heads Up - Gadgets and user defined js may need updating for HTTPS tomorrow

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Heads Up - Gadgets and user defined js may need updating for HTTPS tomorrow

Greg Grossmeier-2
As brought to my attention by Max, through a post on his talk page:
https://meta.wikimedia.org/wiki/User_talk:MZMcBride#HTTPS_switch

== The problem ==

Basically, some user defined JS out there has "http://" hard coded, and
when you request insecure (non-https) resources during a secure session
you get errors in many modern browsers.

This is a heads up that this user created code might need some special
attention before and after the switch over.

== How to fix ==

The best option is to use "protocol relative" urls, these are urls that
start with "//someurl" instead of "http://" or "https://" or "gopher://"
etc.

Here's a blog post about when we started using protocol relative urls in
MediaWiki and at WMF:
https://blog.wikimedia.org/2011/07/19/protocol-relative-urls-enabled-on-test-wikipedia-org/

I've put up basic instructions on the HTTPS page on metawiki:
https://meta.wikimedia.org/wiki/HTTPS#Help.21_My_code_is_broken.21


Thanks for getting this out to the appropriate channels!

Greg


cc'ing [hidden email] because there might be some
overlap of affected people on that list.

--
| Greg Grossmeier            GPG: B2FA 27B1 F7EB D327 6B8E |
| identi.ca: @greg                A18D 1138 8E47 FAC8 1C7D |

_______________________________________________
Wikibots-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikibots-l

signature.asc (853 bytes) Download Attachment