On 8/3/09 10:56 AM, Neil Harris wrote:
I've noticed that images such as the sitelogo in
the login page linked
above are still served via HTTP, even when going through the secure
server. This causes Firefox to regard the whole page as potentially
compromised by unencrypted content, and it issues a warning message to
that effect.
Although the user can click through that warning, it would be much
better to have images served via HTTPS on pages from the secure server,
rather than habituating users into clicking through warning messages.
Yep, that's on my todo list for the ops boys this month. :)
Some BZ entries for your reference:
https://bugzilla.wikimedia.org/show_bug.cgi?id=16822
https://bugzilla.wikimedia.org/show_bug.cgi?id=18496
also for interwiki links:
https://bugzilla.wikimedia.org/show_bug.cgi?id=5440
and a note on some of the JS gadgets:
https://bugzilla.wikimedia.org/show_bug.cgi?id=17966
Once we have a cleaner interface for hitting the general pages (without
the 'secure.wikimedia.org' crappy single host) I'd also like us to get
the login pages running always through SSL:
https://bugzilla.wikimedia.org/show_bug.cgi?id=225
-- brion