I've just noticed that the slippy map within the wmflabs GeoHack page does not work when accessed via HTTPS, and thought I should mention it here.
For example, compare:
http://tools.wmflabs.org/geohack/geohack.php?pagename=Foo%C2%B6ms=10_N_10_E
with
https://tools.wmflabs.org/geohack/geohack.php?pagename=Foo%C2%B6ms=10_N_10_E
Could this be a mixed-content issue involving the script that drives the slippy map not using protocol-relative URLs, or the slippy map tile provider not responding to HTTPS?
Neil
What browser are you using? Works for me in Firefox 23.0.1 and Chrome 29.0.1547.62 on OS X 10.8.
-- brion
On Fri, Aug 30, 2013 at 6:14 AM, Neil Harris neil@tonal.clara.co.uk wrote:
I've just noticed that the slippy map within the wmflabs GeoHack page does not work when accessed via HTTPS, and thought I should mention it here.
For example, compare:
http://tools.wmflabs.org/**geohack/geohack.php?pagename=** Foo¶ms=10_N_10_Ehttp://tools.wmflabs.org/geohack/geohack.php?pagename=Foo¶ms=10_N_10_E
with
https://tools.wmflabs.org/**geohack/geohack.php?pagename=** Foo¶ms=10_N_10_Ehttps://tools.wmflabs.org/geohack/geohack.php?pagename=Foo¶ms=10_N_10_E
Could this be a mixed-content issue involving the script that drives the slippy map not using protocol-relative URLs, or the slippy map tile provider not responding to HTTPS?
Neil
______________________________**_________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/**mailman/listinfo/wikitech-lhttps://lists.wikimedia.org/mailman/listinfo/wikitech-l
On Fri, Aug 30, 2013 at 3:17 PM, Brion Vibber bvibber@wikimedia.org wrote:
What browser are you using? Works for me in Firefox 23.0.1 and Chrome 29.0.1547.62 on OS X 10.8.
Does not work for me on Firefox 23.0 on Windows with
Blocked loading mixed active content " http://toolserver.org/~dschwen/wma/iframe.html?10_10_700_500_en_5_en&glo... " Source: https://en.wikipedia.org/w/index.php?title=MediaWiki:GeoHack.js&action=r... Line: 42
-- [[cs:User:Mormegil | Petr Kadlec]]
Hmm... HTTPS Everywhere might be borking something in my Firefox and making it work unexpectedly. :)
In Chrome, I do see mixed-content warnings in the JavaScript console; tiles and such appear to be being loaded insecurely.
-- brion
On Fri, Aug 30, 2013 at 6:29 AM, Petr Kadlec petr.kadlec@gmail.com wrote:
On Fri, Aug 30, 2013 at 3:17 PM, Brion Vibber bvibber@wikimedia.org wrote:
What browser are you using? Works for me in Firefox 23.0.1 and Chrome 29.0.1547.62 on OS X 10.8.
Does not work for me on Firefox 23.0 on Windows with
Blocked loading mixed active content "
http://toolserver.org/~dschwen/wma/iframe.html?10_10_700_500_en_5_en&glo... " Source:
https://en.wikipedia.org/w/index.php?title=MediaWiki:GeoHack.js&action=r... Line: 42
-- [[cs:User:Mormegil | Petr Kadlec]] _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
On 30/08/13 14:17, Brion Vibber wrote:
What browser are you using? Works for me in Firefox 23.0.1 and Chrome 29.0.1547.62 on OS X 10.8.
-- brion
Firefox 24.0 beta 6, running on Debian Linux 6.0.
I wonder if this may involve some tighter checking on same-origin etc. in Firefox 24. If so, this may be an early warning of possible problems when Firefox push 24.0 out to the wide world in a few weeks' time.
I'll go check this on some other browser/OS combinations.
-- N.
On Fri, Aug 30, 2013 at 7:13 AM, Neil Harris neil@tonal.clara.co.uk wrote:
On 30/08/13 14:17, Brion Vibber wrote:
What browser are you using? Works for me in Firefox 23.0.1 and Chrome 29.0.1547.62 on OS X 10.8.
Firefox 24.0 beta 6, running on Debian Linux 6.0.
I wonder if this may involve some tighter checking on same-origin etc. in Firefox 24. If so, this may be an early warning of possible problems when Firefox push 24.0 out to the wide world in a few weeks' time.
Looking it up... Per < https://developer.mozilla.org/en-US/docs/Security/MixedContent%3E the default block on mixed HTTPS/HTTP content was added in Firefox 23, so it might just be that HTTPS Everywhere is activating even when I've got it disabled and silently 'fixing' it for me. :)
I can confirm the load fail on my Windows box which has a fresher Firefox 23 installation.
I'll go check this on some other browser/OS combinations.
IE 10 also shows a warning, though you can click through to show the hidden content. Safari seems to pass it through.
I definitely recommend fixing the geohack page to work properly over SSL...
-- brion
On 08/30/2013 10:21 AM, Brion Vibber wrote:
I definitely recommend fixing the geohack page to work properly over SSL...
Given that the actual webserver fully allows https, I expect the only issue is protocol specified in some constructed URLs and should be fairly simple to fix. The listed maintainers of the Tool Lab's geohack are Magnus Manske and Kolossos; Perhaps poking one of them?
-- Marc
On Fri, Aug 30, 2013 at 4:26 PM, Marc A. Pelletier marc@uberbox.org wrote:
On 08/30/2013 10:21 AM, Brion Vibber wrote:
I definitely recommend fixing the geohack page to work properly over
SSL...
Given that the actual webserver fully allows https, I expect the only issue is protocol specified in some constructed URLs and should be fairly simple to fix. The listed maintainers of the Tool Lab's geohack are Magnus Manske and Kolossos; Perhaps poking one of them?
Isn’t the only problem the hardcoded http: URL for the map iframe in https://en.wikipedia.org/wiki/MediaWiki:GeoHack.js, fixable by any enwiki sysop?
-- [[cs:User:Mormegil | Petr Kadlec]]
On Fri, Aug 30, 2013 at 7:31 AM, Petr Kadlec petr.kadlec@gmail.com wrote:
Isn’t the only problem the hardcoded http: URL for the map iframe in https://en.wikipedia.org/wiki/MediaWiki:GeoHack.js, fixable by any enwiki sysop?
......and done. :) https://en.wikipedia.org/wiki/MediaWiki_talk:GeoHack.js#HTTPS_fix
-- brion
On 30/08/13 15:41, Brion Vibber wrote:
On Fri, Aug 30, 2013 at 7:31 AM, Petr Kadlec petr.kadlec@gmail.com wrote:
Isn’t the only problem the hardcoded http: URL for the map iframe in https://en.wikipedia.org/wiki/MediaWiki:GeoHack.js, fixable by any enwiki sysop?
......and done. :) https://en.wikipedia.org/wiki/MediaWiki_talk:GeoHack.js#HTTPS_fix
-- brion
Yes, that's fixed it.
Thank you!
-- Neil
On 30/08/13 15:21, Brion Vibber wrote:
On Fri, Aug 30, 2013 at 7:13 AM, Neil Harris neil@tonal.clara.co.uk wrote:
IE 10 also shows a warning, though you can click through to show the hidden content. Safari seems to pass it through.
iOS 6 on an iPhone is also happy to display the slippy map on the https: page, so presumably also lacks the mixed content check.
-- N.
I definitely recommend fixing the geohack page to work properly over SSL...
-- brion
wikitech-l@lists.wikimedia.org