On 20 February 2015 at 00:34, Dave Fisher <dave2w...@comcast.net> wrote:
> Hi - > > We had a reason that we enabled https in the first place. I don't recall > it now, but there was a reason. It may have had to do with update servers. > The main web server on which we run, have always been enabled for both http: and https: but we have not been able to use it, due to a missing certificate. When we got the openoffice certificate, we had the possibility and at the same time we needed to change other services to https because the had a login facility. This lead to a decision, to do it but not officially support it. Someone (I think Markus or Rob) did a good job of removing http: on most tags, but some was to complicated to be removed automatically, hence we have some "leftovers". Now with https: ranging high in google, we are effectively promoting that site, which is why I feel it should work or be removed (which I do not recommend). rgds jan i. > > Regards, > Dave > > On Feb 19, 2015, at 2:49 PM, Marcus wrote: > > > Am 02/19/2015 11:14 PM, schrieb Andrea Pescetti: > >> On 19/02/2015 Marcus wrote: > >>> OK, next try. Still an error message? > >> > >> Well... we NOWHERE, and I repeat NOWHERE, advertise the URL > >> https://www.openoffice.org ; as a courtesy to those people who prefer > >> HTTPS, we make it available, but if they use broken extensions or > >> paranoid security settings they cannot blame us too much. > > > > then the solution would be to make it unavailable. ;-) > > > > Seriously, I agree with Jan. When it's available then it should work. > > > > Furthermore, there is also involvement of SEO: Google prefers the > availability of HTTPS over HTTP. > > > >> Then: > >> > >> 1) I also get (Firefox) the warning about "This website does not supply > >> identity information"; I didn't investigate this one. > >> > >> 2) We still load components from HTTP. Marcus, the Net panel in Firebug > >> will show you the URLs to all components. You will see that starting > >> with a 404 (?) for > >> http://www.openoffice.org/images/formElementDropShadow.png?2011060812 > >> you have a series of action buttons that are all included via HTTP. This > >> is because lines 56- of > >> https://www.openoffice.org/home.css > >> contain explicit HTTP links. > >> > >> You may fix it (but I would need to check the CSS syntax for the url() > >> parameter) by: > >> - Using /path/to links as Ariel suggested > >> - Using // URLs (e.g., "//www.openoffice.org" will point to > >> https://www.openoffice.org when called in a https page and to > >> http://www.openoffice.org when called in a http page) ; I'm not a big > >> fan of this solution, I would prefer the former one. > >> > >> All of this would anyway fix an undocumented, unpublished URL that we > >> make available just to please people (remember, this is a static HTML > >> site with no interactive server-side functionality or logins). > > > > I don't want to stress a new topic. :-P However, wasn't there a > discussion to request a SSL certificate from Infra and the point was IMHO > the difficulty to get this as a wildcard certificate? > > > > Anyway, I volunteer to do fixes where they a re needed (yes, I know we > have a big wesite. ;-) ) > > > > Thanks for your valuable hints. > > > > Marcus > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org > > For additional commands, e-mail: dev-h...@openoffice.apache.org > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org > For additional commands, e-mail: dev-h...@openoffice.apache.org > >
