[outages] Twitter: mixed-mode security?
Jay Ashworth
jra at baylink.com
Wed Jul 3 23:21:53 EDT 2013
----- Original Message -----
> From: "Jeremy Chadwick" <jdc at koitsu.org>
> I know exactly what you mean when you say "mixed-mode security" (for
> readers: accessing a site using HTTPS, but the URLs referenced within
> that site (for things like CSS, images, etc.) might use HTTP).
>
> But what I don't know is where you've seen this. As in a step-by-step
> for where you commonly see it. Even if it varies, just make an itemised
> list of steps (from the point you hit http://twitter.com/ to wherever
> you see the issue) where you commonly see it.
Generally, anywhere I go on twitter's site (since it's AJAX now, there
really isn't anywhere you "go"), it's https and it's not crossed out,
as Chrome does to indicate mixed-mode.
As of tonight, I'm getting the "crossed-out https" indicator everywhere,
even after a cache purge and a Ctrl-F5 reload.
> I can try to reproduce it there if need be, and/or do some analysis with
> either Firebug's Network tab or Wireshark, but I need a good starting point! :-)
Remind me where Chrome identifies what's unsecure, and I'll go look it up.
> Also, and I probably don't need to tell you this, but too much code on
> webservers (doesn't matter where (front or back-end)) behaves different
> based on HTTP User-Agent string. (I could write my own rant about this
> completely unnecessary approach, but I'll spare folks)
Sure. But this is "change in working environment, not apparently prompted
by anything user-side".
Cheers,
-- jra
--
Jay R. Ashworth Baylink jra at baylink.com
Designer The Things I Think RFC 2100
Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII
St Petersburg FL USA #natog +1 727 647 1274
More information about the Outages
mailing list