[outages] Twitter: mixed-mode security?
Jeremy Chadwick
jdc at koitsu.org
Wed Jul 3 22:49:43 EDT 2013
On Wed, Jul 03, 2013 at 10:28:12PM -0400, Jay Ashworth wrote:
> I've been using HTTP anywhere (in Firefox), and whatever does that in Chrome,
> on both Linux and Windows, for some months or more.
>
> Suddenly tonight, I see that Chrome is complaining about mixed-mode security
> on Twitter -- but not on FB or any other sites I visit that way.
>
> Firefox isn't complaining about Twitter.
>
> Chrome is known to be pickier about this; a site I worked on had to test
> both cause Chrome would complain when FF did not.
>
> Can some other folks check Twitter over HTTPS/IPv4 tonight and see if they
> are also getting the slashed-out https indication on Twitter?
I use Twitter via IPv4 (and exclusively the HTTPS scheme), and use
Firefox, quite regularly (20-30 times a day).
I know exactly what you mean when you say "mixed-mode security" (for
readers: accessing a site using HTTPS, but the URLs referenced within
that site (for things like CSS, images, etc.) might use HTTP).
But what I don't know is where you've seen this. As in a step-by-step
for where you commonly see it. Even if it varies, just make an itemised
list of steps (from the point you hit http://twitter.com/ to wherever
you see the issue) where you commonly see it.
I can try to reproduce it there if need be, and/or do some analysis with
either Firebug's Network tab or Wireshark, but I need a good starting
point! :-)
Also, and I probably don't need to tell you this, but too much code on
webservers (doesn't matter where (front or back-end)) behaves different
based on HTTP User-Agent string. (I could write my own rant about this
completely unnecessary approach, but I'll spare folks)
--
| Jeremy Chadwick jdc at koitsu.org |
| UNIX Systems Administrator http://jdc.koitsu.org/ |
| Making life hard for others since 1977. PGP 4BD6C0CB |
More information about the Outages
mailing list