On Tue, Feb 15, 2011 at 4:36 PM, Walter McGinnis <walter(a)katipo.co.nz> wrote:
Now, in practice implementing this has challenges.
I'm the lead developer on Kete, an open source Ruby on Rails app (
http://kete.net.nz),
and recently wanted to make the switch to fully HTTPS for a site and the Kete app when
used with HTTPS.
I encountered the headache of mixed content warnings.
What problems does this present in practice? I notice Gmail sometimes
serves mixed content without my browser complaining significantly.
The UI changes a bit, but nothing worse than normal http:// UI.
All this boils down to, yes full HTTPS is best
practice, but if you make use of external APIs or services, it may be hard to achieve.
Using an external API or service by including stuff from third-party
sites would send users' IP addresses to those sites, which would
violate Wikimedia's privacy policy, so this isn't an issue for us.