Posted by lyricnz on March 16, 2008 at 11:55am
Jump to:
| Project: | Drupal.org infrastructure |
| Component: | association.drupal.org |
| Category: | bug report |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | closed (fixed) |
Issue Summary
On http://association.drupal.org many of the hyperlinks refer to https://association.drupal.org, which is unnecessary, a bit slower and more load on the servers. I can understand why logins, and other potentially sensitive information may want to be SSL-encrypted, but this should not be required for normal activity. Also (related issue) since the certificate is issued by cacert, it causes popups/warnings in many browsers (as this CA is not installed in most browsers by default).
eg: http://association.drupal.org/civicrm/profile?reset=1&force=1&gid=4&sear...
This page includes https links to stylesheets, javascript, and subsequent pages:
<style type="text/css">@import url(https://association.drupal.org/sites/association.drupal.org/modules/civi...);</style>
...
<script type="text/javascript" src="https://association.drupal.org/sites/association.drupal.org/modules/civicrm/js/Common.js"></script>
...
<label>Rows per page:</label>
<a href="https://association.drupal.org/civicrm/profile?q=civicrm/profile&force=1&gid=4&search=0&crmRowCount=25" >25</a> |
50 |
<a href="https://association.drupal.org/civicrm/profile?q=civicrm/profile&force=1&gid=4&search=0&crmRowCount=100" >100</a> FWIW, I am using Safari 3.0.4, but get the same issue in Firefox etc.
Comments
#1
There's not much we can do wrt the css and js links. Unfortunately, CiviCRM insists on using absolute rather than relative URLs for them.
The pager issue should be fixable and indeed when I looked yesterday into it it didn't occur.
#2
I've done a recursive wget on the site and didn't find any inward https links. I believe this issue has been fixed previously.
#3
Automatically closed -- issue fixed for 2 weeks with no activity.
#4
Just to note, only serving logins over https while serving other pages over http will only protect your password, not your account (firesheep anyone?)