Can someone please remind me the reasons why we cannot do login via JavaScript on mobile web? Are there any reasons?
Jon Robson, 04/02/2014 01:34:
Can someone please remind me the reasons why we cannot do login via JavaScript on mobile web? Are there any reasons?
https://bugzilla.wikimedia.org/show_bug.cgi?id=15700 and specifically https://bugzilla.wikimedia.org/show_bug.cgi?id=17312 ?
Nemo
I had a chat with Chris Steipp and Brandon Harris. I was hoping they would chip in here (maybe they are not on the list so cc'ing them)
From the result of this talk it sounded like we could do login via
JavaScript as long as we could ensure the user was on http at the time of login.
Effectively something like this... <script> if ( window.location.protocol == 'https' ) { $( '.login' ).on( 'click', doAjaxLogin ); } </script>
Please correct me if I'm wrong...
On Tue, Feb 4, 2014 at 3:11 AM, Federico Leva (Nemo) nemowiki@gmail.com wrote:
Jon Robson, 04/02/2014 01:34:
Can someone please remind me the reasons why we cannot do login via JavaScript on mobile web? Are there any reasons?
https://bugzilla.wikimedia.org/show_bug.cgi?id=15700 and specifically https://bugzilla.wikimedia.org/show_bug.cgi?id=17312 ?
Nemo
Mobile-l mailing list Mobile-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mobile-l
On Wed, Feb 5, 2014 at 11:18 AM, Jon Robson jrobson@wikimedia.org wrote:
I had a chat with Chris Steipp and Brandon Harris. I was hoping they would chip in here (maybe they are not on the list so cc'ing them)
From the result of this talk it sounded like we could do login via JavaScript as long as we could ensure the user was on http at the time of login.
Effectively something like this...
<script> if ( window.location.protocol == 'https' ) { $( '.login' ).on( 'click', doAjaxLogin ); } </script>
Please correct me if I'm wrong...
On Tue, Feb 4, 2014 at 3:11 AM, Federico Leva (Nemo) nemowiki@gmail.com wrote:
Jon Robson, 04/02/2014 01:34:
Can someone please remind me the reasons why we cannot do login via JavaScript on mobile web? Are there any reasons?
https://bugzilla.wikimedia.org/show_bug.cgi?id=15700 and specifically https://bugzilla.wikimedia.org/show_bug.cgi?id=17312 ?
Nemo
Mobile-l mailing list Mobile-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mobile-l
Yeah, if you can ensure that the user is viewing the current page via HTTPS, I think you can offer them AJAX Logins.
Right. And note that the *app* doesn’t have this problem, since login can be handled natively.
On Feb 5, 2014, at 11:22 AM, Yuvi Panda yuvipanda@gmail.com wrote:
Yeah, if you can ensure that the user is viewing the current page via HTTPS, I think you can offer them AJAX Logins.
Mobile-l mailing list Mobile-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mobile-l
--- Brandon Harris, Senior Designer, Wikimedia Foundation
Support Free Knowledge: http://wikimediafoundation.org/wiki/Donate
Although it can be problematic UX wise - non AJAX login on non-https and AJAX logins on https could be confusing. Although, if we *are* being MITM'd with http, the MITM'er can just insert JS that pretends to have AJAX login...
On Thu, Feb 6, 2014 at 12:52 AM, Yuvi Panda yuvipanda@gmail.com wrote:
Yeah, if you can ensure that the user is viewing the current page via HTTPS, I think you can offer them AJAX Logins.
Whoops... typo :) I promise to use === as well if ( window.location.protocol === 'https' ) {
" From the result of this talk it sounded like we could do login via JavaScript as long as we could ensure the user was on HTTPS the time of login."
On Wed, Feb 5, 2014 at 11:25 AM, Yuvi Panda yuvipanda@gmail.com wrote:
Although it can be problematic UX wise - non AJAX login on non-https and AJAX logins on https could be confusing. Although, if we *are* being MITM'd with http, the MITM'er can just insert JS that pretends to have AJAX login...
On Thu, Feb 6, 2014 at 12:52 AM, Yuvi Panda yuvipanda@gmail.com wrote:
Yeah, if you can ensure that the user is viewing the current page via HTTPS, I think you can offer them AJAX Logins.
-- Yuvi Panda T http://yuvi.in/blog
Mobile-l mailing list Mobile-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mobile-l
On Wed, Feb 5, 2014 at 11:22 AM, Yuvi Panda yuvipanda@gmail.com wrote:
Yeah, if you can ensure that the user is viewing the current page via HTTPS, I think you can offer them AJAX Logins.
Just FYI, this is something we may do in Growth for desktop, before end of fiscal year. Just depends on if we think there are enough readers on HTTPS to merit the work.
On Feb 5, 2014, at 11:18 AM, Jon Robson jrobson@wikimedia.org wrote:
I had a chat with Chris Steipp and Brandon Harris. I was hoping they would chip in here (maybe they are not on the list so cc'ing them)
From the result of this talk it sounded like we could do login via JavaScript as long as we could ensure the user was on http at the time of login.
Effectively something like this...
<script> if ( window.location.protocol == 'https' ) { $( '.login' ).on( 'click', doAjaxLogin ); } </script>
Please correct me if I'm wrong…
Err, the opposite of what you said in the paragraph but accurate in your code.
We cannot do AJAX logins *unless* the source is https.
--- Brandon Harris, Senior Designer, Wikimedia Foundation
Support Free Knowledge: http://wikimediafoundation.org/wiki/Donate