[outages] Twitter: mixed-mode security?

Damian Menscher damian at google.com
Wed Jul 3 23:34:55 EDT 2013


On Wed, Jul 3, 2013 at 8:21 PM, Jay Ashworth <jra at baylink.com> wrote:

> ----- Original Message -----
> > From: "Jeremy Chadwick" <jdc at koitsu.org>
>
> > I know exactly what you mean when you say "mixed-mode security" (for
> > readers: accessing a site using HTTPS, but the URLs referenced within
> > that site (for things like CSS, images, etc.) might use HTTP).
> >
> > But what I don't know is where you've seen this. As in a step-by-step
> > for where you commonly see it. Even if it varies, just make an itemised
> > list of steps (from the point you hit http://twitter.com/ to wherever
> > you see the issue) where you commonly see it.
>
> Generally, anywhere I go on twitter's site (since it's AJAX now, there
> really isn't anywhere you "go"), it's https and it's not crossed out,
> as Chrome does to indicate mixed-mode.
>
> As of tonight, I'm getting the "crossed-out https" indicator everywhere,
> even after a cache purge and a Ctrl-F5 reload.


This explains the meaning of the crossed-out https indicator:
https://support.google.com/chrome/answer/95617?p=ui_security_indicator&rd=1

> > I can try to reproduce it there if need be, and/or do some analysis with
> > either Firebug's Network tab or Wireshark, but I need a good starting
> > point! :-)
>
> Remind me where Chrome identifies what's unsecure, and I'll go look it up.


From the Chrome menu (the three lines at the top right), select Tools, then
JavaScript Console.  That should give you an error where things went wrong,
and tell you specifically what it's unhappy about.

Damian

> > Also, and I probably don't need to tell you this, but too much code on
> > webservers (doesn't matter where (front or back-end)) behaves differently
> > based on HTTP User-Agent string. (I could write my own rant about this
> > completely unnecessary approach, but I'll spare folks)
>
> Sure.  But this is "change in working environment, not apparently prompted
> by anything user-side".
>
> Cheers,
> -- jra
> --
> Jay R. Ashworth                  Baylink                       jra at baylink.com
> Designer                     The Things I Think                       RFC 2100
> Ashworth & Associates     http://baylink.pitas.com         2000 Land Rover DII
> St Petersburg FL USA               #natog                      +1 727 647 1274
> _______________________________________________
> Outages mailing list
> Outages at outages.org
> https://puck.nether.net/mailman/listinfo/outages
>
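
The "mixed-mode" condition described in the quoted text (an HTTPS page referencing CSS, images, etc. over HTTP) can also be checked offline. The following is an added example, not part of the original thread: it scans HTML for subresource references that resolve to plain HTTP and labels each as active or passive mixed content. The sample markup, the `example.test` host names and the function and class names are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# tag -> (attribute that triggers a fetch, how an insecure load is classed).
# Not exhaustive: srcset, CSS url() and script-initiated requests are not covered.
SUBRESOURCES = {
    "script": ("src", "active"), "iframe": ("src", "active"),
    "object": ("data", "active"), "embed": ("src", "active"),
    "img": ("src", "passive"), "audio": ("src", "passive"),
    "video": ("src", "passive"), "source": ("src", "passive"),
}

# Constructed sample page (hypothetical hosts), assumed to be served over HTTPS.
SAMPLE = """<head>
<link rel="canonical" href="http://example.test/page">
<link rel="stylesheet" href="http://cdn.example.test/site.css">
<script src="//cdn.example.test/app.js"></script>
</head><body>
<a href="http://example.test/other">plain navigation link</a>
<img src="http://img.example.test/avatar.png">
<img src="/static/logo.png">
</body>"""

class MixedContentFinder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.base = page_url      # replaced if the page carries <base href>
        self.findings = []        # (kind, tag, resolved_url)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "base" and a.get("href"):
            self.base = urljoin(self.base, a["href"])
        elif tag == "link":
            # Only rel=stylesheet is treated as a fetch; rel=canonical loads nothing.
            rels = (a.get("rel") or "").lower().split()
            self._check("active" if "stylesheet" in rels else None, tag, a.get("href"))
        elif tag in SUBRESOURCES:
            attr, kind = SUBRESOURCES[tag]
            self._check(kind, tag, a.get(attr))

    def _check(self, kind, tag, ref):
        url = urljoin(self.base, (ref or "").strip())  # resolves relative and //host refs
        if kind and ref and urlsplit(url).scheme == "http":
            self.findings.append((kind, tag, url))

def find_mixed_content(page_url, html):
    finder = MixedContentFinder(page_url)
    if urlsplit(page_url).scheme == "https":  # mixed content only exists on HTTPS pages
        finder.feed(html)
    return finder.findings
```

Calling `find_mixed_content("https://example.test/", SAMPLE)` reports the stylesheet and the avatar image; the protocol-relative script, the relative image, the canonical link and the anchor are not flagged.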