Hi - We had a reason that we enabled https in the first place. I don't recall it now, but there was a reason. It may have had to do with update servers.
Regards, Dave On Feb 19, 2015, at 2:49 PM, Marcus wrote: > Am 02/19/2015 11:14 PM, schrieb Andrea Pescetti: >> On 19/02/2015 Marcus wrote: >>> OK, next try. Still an error message? >> >> Well... we NOWHERE, and I repeat NOWHERE, advertise the URL >> https://www.openoffice.org ; as a courtesy to those people who prefer >> HTTPS, we make it available, but if they use broken extensions or >> paranoid security settings they cannot blame us too much. > > then the solution would be to make it unavailable. ;-) > > Seriously, I agree with Jan. When it's available then it should work. > > Furthermore, there is also involvement of SEO: Google prefers the > availability of HTTPS over HTTP. > >> Then: >> >> 1) I also get (Firefox) the warning about "This website does not supply >> identity information"; I didn't investigate this one. >> >> 2) We still load components from HTTP. Marcus, the Net panel in Firebug >> will show you the URLs to all components. You will see that starting >> with a 404 (?) for >> http://www.openoffice.org/images/formElementDropShadow.png?2011060812 >> you have a series of action buttons that are all included via HTTP. This >> is because lines 56- of >> https://www.openoffice.org/home.css >> contain explicit HTTP links. >> >> You may fix it (but I would need to check the CSS syntax for the url() >> parameter) by: >> - Using /path/to links as Ariel suggested >> - Using // URLs (e.g., "//www.openoffice.org" will point to >> https://www.openoffice.org when called in a https page and to >> http://www.openoffice.org when called in a http page) ; I'm not a big >> fan of this solution, I would prefer the former one. >> >> All of this would anyway fix an undocumented, unpublished URL that we >> make available just to please people (remember, this is a static HTML >> site with no interactive server-side functionality or logins). > > I don't want to stress a new topic. :-P However, wasn't there a discussion to > request a SSL certificate from Infra and the point was IMHO the difficulty to > get this as a wildcard certificate? > > Anyway, I volunteer to do fixes where they a re needed (yes, I know we have a > big wesite. ;-) ) > > Thanks for your valuable hints. > > Marcus > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org > For additional commands, e-mail: dev-h...@openoffice.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org For additional commands, e-mail: dev-h...@openoffice.apache.org
