Slippy map embedded in geohack page not working in HTTPS mode

classic Classic list List threaded Threaded
11 messages Options
Reply | Threaded
Open this post in threaded view
|

Slippy map embedded in geohack page not working in HTTPS mode

Neil Harris
I've just noticed that the slippy map within the wmflabs GeoHack page
does not work when accessed via HTTPS, and thought I should mention it here.

For example, compare:

http://tools.wmflabs.org/geohack/geohack.php?pagename=Foo&params=10_N_10_E

with

https://tools.wmflabs.org/geohack/geohack.php?pagename=Foo&params=10_N_10_E

Could this be a mixed-content issue involving the script that drives the
slippy map not using protocol-relative URLs, or the slippy map tile
provider not responding to HTTPS?

Neil


_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: Slippy map embedded in geohack page not working in HTTPS mode

Brion Vibber-4
What browser are you using? Works for me in Firefox 23.0.1 and Chrome
29.0.1547.62
on OS X 10.8.

-- brion


On Fri, Aug 30, 2013 at 6:14 AM, Neil Harris <[hidden email]> wrote:

> I've just noticed that the slippy map within the wmflabs GeoHack page does
> not work when accessed via HTTPS, and thought I should mention it here.
>
> For example, compare:
>
> http://tools.wmflabs.org/**geohack/geohack.php?pagename=**
> Foo&params=10_N_10_E<http://tools.wmflabs.org/geohack/geohack.php?pagename=Foo&params=10_N_10_E>
>
> with
>
> https://tools.wmflabs.org/**geohack/geohack.php?pagename=**
> Foo&params=10_N_10_E<https://tools.wmflabs.org/geohack/geohack.php?pagename=Foo&params=10_N_10_E>
>
> Could this be a mixed-content issue involving the script that drives the
> slippy map not using protocol-relative URLs, or the slippy map tile
> provider not responding to HTTPS?
>
> Neil
>
>
> ______________________________**_________________
> Wikitech-l mailing list
> [hidden email]
> https://lists.wikimedia.org/**mailman/listinfo/wikitech-l<https://lists.wikimedia.org/mailman/listinfo/wikitech-l>
_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: Slippy map embedded in geohack page not working in HTTPS mode

Mormegil
On Fri, Aug 30, 2013 at 3:17 PM, Brion Vibber <[hidden email]> wrote:

> What browser are you using? Works for me in Firefox 23.0.1 and Chrome
> 29.0.1547.62
> on OS X 10.8.
>

Does not work for me on Firefox 23.0 on Windows with

Blocked loading mixed active content "
http://toolserver.org/~dschwen/wma/iframe.html?10_10_700_500_en_5_en&globe=Earth&lang=en&page=Foo&client=GeoHack
"
Source:
https://en.wikipedia.org/w/index.php?title=MediaWiki:GeoHack.js&action=raw&ctype=text/javascript
Line: 42

-- [[cs:User:Mormegil | Petr Kadlec]]
_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: Slippy map embedded in geohack page not working in HTTPS mode

Brion Vibber-4
Hmm... HTTPS Everywhere might be borking something in my Firefox and making
it work unexpectedly. :)

In Chrome, I do see mixed-content warnings in the JavaScript console; tiles
and such appear to be being loaded insecurely.

-- brion


On Fri, Aug 30, 2013 at 6:29 AM, Petr Kadlec <[hidden email]> wrote:

> On Fri, Aug 30, 2013 at 3:17 PM, Brion Vibber <[hidden email]>
> wrote:
>
> > What browser are you using? Works for me in Firefox 23.0.1 and Chrome
> > 29.0.1547.62
> > on OS X 10.8.
> >
>
> Does not work for me on Firefox 23.0 on Windows with
>
> Blocked loading mixed active content "
>
> http://toolserver.org/~dschwen/wma/iframe.html?10_10_700_500_en_5_en&globe=Earth&lang=en&page=Foo&client=GeoHack
> "
> Source:
>
> https://en.wikipedia.org/w/index.php?title=MediaWiki:GeoHack.js&action=raw&ctype=text/javascript
> Line: 42
>
> -- [[cs:User:Mormegil | Petr Kadlec]]
> _______________________________________________
> Wikitech-l mailing list
> [hidden email]
> https://lists.wikimedia.org/mailman/listinfo/wikitech-l
>
_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: Slippy map embedded in geohack page not working in HTTPS mode

Neil Harris
In reply to this post by Brion Vibber-4
On 30/08/13 14:17, Brion Vibber wrote:
> What browser are you using? Works for me in Firefox 23.0.1 and Chrome
> 29.0.1547.62
> on OS X 10.8.
>
> -- brion

Firefox 24.0 beta 6, running on Debian Linux 6.0.

I wonder if this may involve some tighter checking on same-origin etc.
in Firefox 24. If so, this may be an early warning of possible problems
when Firefox push 24.0 out to the wide world in a few weeks' time.

I'll go check this on some other browser/OS combinations.

-- N.



_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: Slippy map embedded in geohack page not working in HTTPS mode

Brion Vibber-4
On Fri, Aug 30, 2013 at 7:13 AM, Neil Harris <[hidden email]> wrote:

> On 30/08/13 14:17, Brion Vibber wrote:
>
>> What browser are you using? Works for me in Firefox 23.0.1 and Chrome
>> 29.0.1547.62
>> on OS X 10.8.
>>
>
> Firefox 24.0 beta 6, running on Debian Linux 6.0.
>
> I wonder if this may involve some tighter checking on same-origin etc. in
> Firefox 24. If so, this may be an early warning of possible problems when
> Firefox push 24.0 out to the wide world in a few weeks' time.
>

Looking it up... Per <
https://developer.mozilla.org/en-US/docs/Security/MixedContent> the default
block on mixed HTTPS/HTTP content was added in Firefox 23, so it might just
be that HTTPS Everywhere is activating even when I've got it disabled and
silently 'fixing' it for me. :)

I can confirm the load fail on my Windows box which has a fresher Firefox
23 installation.

I'll go check this on some other browser/OS combinations.
>

IE 10 also shows a warning, though you can click through to show the hidden
content. Safari seems to pass it through.

I definitely recommend fixing the geohack page to work properly over SSL...

-- brion
_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: Slippy map embedded in geohack page not working in HTTPS mode

Marc-Andre
On 08/30/2013 10:21 AM, Brion Vibber wrote:
> I definitely recommend fixing the geohack page to work properly over SSL...

Given that the actual webserver fully allows https, I expect the only
issue is protocol specified in some constructed URLs and should be
fairly simple to fix.  The listed maintainers of the Tool Lab's geohack
are Magnus Manske and Kolossos; Perhaps poking one of them?

-- Marc


_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: Slippy map embedded in geohack page not working in HTTPS mode

Neil Harris
In reply to this post by Brion Vibber-4
On 30/08/13 15:21, Brion Vibber wrote:
> On Fri, Aug 30, 2013 at 7:13 AM, Neil Harris <[hidden email]> wrote:
>
>
> IE 10 also shows a warning, though you can click through to show the hidden
> content. Safari seems to pass it through.

iOS 6 on an iPhone is also happy to display the slippy map on the https:
page, so presumably also lacks the mixed content check.

-- N.

> I definitely recommend fixing the geohack page to work properly over SSL...
>
> -- brion
>


_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: Slippy map embedded in geohack page not working in HTTPS mode

Mormegil
In reply to this post by Marc-Andre
On Fri, Aug 30, 2013 at 4:26 PM, Marc A. Pelletier <[hidden email]> wrote:

> On 08/30/2013 10:21 AM, Brion Vibber wrote:
> > I definitely recommend fixing the geohack page to work properly over
> SSL...
>
> Given that the actual webserver fully allows https, I expect the only
> issue is protocol specified in some constructed URLs and should be
> fairly simple to fix.  The listed maintainers of the Tool Lab's geohack
> are Magnus Manske and Kolossos; Perhaps poking one of them?
>

Isn’t the only problem the hardcoded http: URL for the map iframe in
https://en.wikipedia.org/wiki/MediaWiki:GeoHack.js, fixable by any enwiki
sysop?

-- [[cs:User:Mormegil | Petr Kadlec]]
_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: Slippy map embedded in geohack page not working in HTTPS mode

Brion Vibber-4
On Fri, Aug 30, 2013 at 7:31 AM, Petr Kadlec <[hidden email]> wrote:

> Isn’t the only problem the hardcoded http: URL for the map iframe in
> https://en.wikipedia.org/wiki/MediaWiki:GeoHack.js, fixable by any enwiki
> sysop?
>

......and done. :)
https://en.wikipedia.org/wiki/MediaWiki_talk:GeoHack.js#HTTPS_fix

-- brion
_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: Slippy map embedded in geohack page not working in HTTPS mode

Neil Harris
On 30/08/13 15:41, Brion Vibber wrote:

> On Fri, Aug 30, 2013 at 7:31 AM, Petr Kadlec <[hidden email]> wrote:
>
>> Isn’t the only problem the hardcoded http: URL for the map iframe in
>> https://en.wikipedia.org/wiki/MediaWiki:GeoHack.js, fixable by any enwiki
>> sysop?
>>
> ......and done. :)
> https://en.wikipedia.org/wiki/MediaWiki_talk:GeoHack.js#HTTPS_fix
>
> -- brion

Yes, that's fixed it.

Thank you!

-- Neil


_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l