
HTTPS rollout


Admin


  • Advanced Members

A few other things:

 

https://xat.com/css/main.css -> line 346 -> background-image: url("http://xat.com/images/glyphicons-xat.png"); It should be changed to https

- tinypic doesn't support https, that's a problem, xat can't be 100% https if users are still using this service.

- <script type="text/javascript" src="https://static.pbc.com/js/ultimatepay-api.js"></script> should be removed from buy.php since it's not used anymore + domain is dead. If someone buys it, he can inject code into the buy page (oops)

https://xat.com/web_gear/chat/GetPowers.php allpowers.swf is not https

https://xat.com/web_gear/index.php has a form http://www.xat.com/web_gear/chat.php; it should be https. http://www.xatech.com/web_gear/chat/chat.swf should be called in https too.

https://xat.com/web_gear/chat.php All default backgrounds should be called via https instead of http, same for chat.swf and powers images. Line 561, you are calling a jquery function, problem is the lib is not loaded yet, you should call jquery before this function.

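The kinds of references reported in this thread (an http:// image in CSS, a form target, a plugin embed, an http:// URL passed as a query parameter) can be found mechanically. The scanner below is an added example, not part of any post and not xat's code; the sample markup is constructed from URLs quoted in the thread, and the category names and the `scan` function are this example's own.

```python
import re
from html.parser import HTMLParser
from urllib.parse import parse_qsl, urlsplit

# (tag, attribute) -> category: "active" = script/plugin/stylesheet loads, "passive" = images,
# "form" = a form target that would submit data in clear text.
RULES = {("script", "src"): "active", ("embed", "src"): "active", ("object", "data"): "active",
         ("iframe", "src"): "active", ("link", "href"): "active", ("img", "src"): "passive",
         ("form", "action"): "form"}
CSS_URL = re.compile(r"url\(\s*['\"]?(http://[^'\")\s]+)", re.I)

class MixedContentScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (category, tag, url)
        self._in_style = False

    def _check(self, category, tag, url):
        if url.lower().startswith("http://"):
            self.findings.append((category, tag, url))
        # Constructed rule: an http:// URL carried in a query parameter is reported separately.
        for _, value in parse_qsl(urlsplit(url).query):
            if value.lower().startswith("http://"):
                self.findings.append(("nested", tag, value))

    def handle_starttag(self, tag, attrs):
        a = {k: v or "" for k, v in attrs}
        self._in_style = tag == "style"
        for (t, attr), category in RULES.items():
            if t == tag and a.get(attr) and (tag != "link" or "stylesheet" in a.get("rel", "").lower()):
                self._check(category, tag, a[attr])

    def handle_endtag(self, tag):
        self._in_style = False

    def handle_data(self, data):
        if self._in_style:  # url(...) references inside a <style> block
            self.findings += [("passive", "style", u) for u in CSS_URL.findall(data)]

def scan(html):
    scanner = MixedContentScanner()
    scanner.feed(html)
    return scanner.findings

# Constructed sample built from URLs quoted in the thread.
SAMPLE = """<style>.icon { background-image: url("http://xat.com/images/glyphicons-xat.png"); }</style>
<form action="http://www.xat.com/web_gear/chat.php"></form>
<embed src="http://www.xatech.com/web_gear/chat/chat.swf">
<img src="https://i1.xat.com/web_gear/chat/GetImage5.php?W=100&amp;H=67&amp;U=http://i.imgur.com/LhUncuQ.png">"""
print(*scan(SAMPLE), sep="\n")
```

Protocol-relative references (starting with `//`) and https:// references are not reported, since they are fetched over the page's own scheme.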

  • Volunteers

https://xat.com/groups.php -> I don't know if this one has been reported but a few group backgrounds are still using http. (See the quote)

 

Quote

Mixed Content: The page at 'https://xat.com/groups.php' was loaded over HTTPS, but requested an insecure image 'http://i1.xat.com/web_gear/chat/GetImage5.php?W=100&H=67&U=http://i.imgur.com/LhUncuQ.png'. This content should also be served over HTTPS.

 

12 hours ago, Jedi said:

https://xat.com/web_gear/chat.php All default backgrounds should be called via https instead of http, same for chat.swf

 

Plus update the embed code on the page since it still uses http. (chat.php)


  • Volunteers

- Media app is still using http links. (Especially when it gets the youtube image mc.pic.loadMovie("http://img.youtube.com/vi/" + _loc3_ + "/default.jpg",mc); AND mc.pic.loadMovie("http://" + _loc8_ + ".photobucket.com/" + _loc7_,mc);) SHOULDN'T BE HTTPS DIRECTLY BUT // INSTEAD!

FIXED? - Grid app (30004) is still using http links and sometimes, it loads broken links. (Example: http://i.imgur.com/w5cOcAk.png)

- Trade App (30008) is still using http links. (Powers images)

 

Are any of the below breaking? -> It breaks the https, yes. (That's why I added them (d)) - Sloom

 

- Matchrace App (60193) is still using http links.  (matchrace.as -> "http://xat.com/json/lang/lookup.php?l=" // xatlib.as -> function (SmilieUrl))

- Xavi App (20047) is still using http links. (xavi.as -> "http://xat.com/json/xavi/"; // xatlib.as -> function (SmilieUrl))

- Hearts app (60225) is still using http links. ( client.as -> "http://www.xatech.com/images/ani/" // xatlib.as -> function (SmilieUrl))

- Switch app (60239) is still using http links.  ( client.as -> "http://www.xatech.com/images/ani/" // xatlib.as -> function (SmilieUrl))

- Spacewar app (60201) is still using http links. (xatinterface.as -> "http://xat.com/json/lang/lookup.php?l=" // xatlib.as -> function (SmilieUrl))

- Snakerace app (60195) is still using http links. (snakerace.as -> "http://xat.com/json/lang/lookup.php?l=" // xatlib.as -> function (SmilieUrl))

- Library seems to be loaded somewhere and it's http. (See quote)

 

Quote

Mixed Content: The page at 'https://xat.com/xat_test' was loaded over HTTPS, but requested an insecure plugin data 'http://www.xatech.com/web_gear/flash/library.swf'. This content should also be served over HTTPS.

 

Quote

Mixed Content: The page at 'https://xat.com/xat_test' was loaded over HTTPS, but requested an insecure plugin data 'http://xat.com/web_gear/flash/load.swf?a4'. This content should also be served over HTTPS.

 

This error is coming from flag.swf since it loads external swfs for custom flag as http. (bkg.as)

 

Quote

Mixed Content: The page at 'https://xat.com/xat_test' was loaded over HTTPS, but requested an insecure plugin data 'http://www.xatech.com/images/sm2/flag/pe.swf?a'. This content should also be served over HTTPS.

 


  • Advanced Members

Previously reported (reminder):

- If you click on the drop down menu (Store and More) on the main site, https breaks due to icons. 

-- Breaks on Auctions page too.(requested an insecure image 'http://xat.com/images/glyphicons-xat.png'.)

New:

- Safety wiki page (linked in footer) breaks https due to http images (although wiki already was on https before, but I suppose it doesn't harm to report it now)

- Comments tab breaks https (xat.css and tWhite.png)



  • Advanced Members

Ok, I solved the problem. I just went to http://xat.com/web_gear/chat/editgroup.php?GroupName=plai <<< I added the s >> https://xat.com/web_gear/chat/editgroup.php?GroupName=plai

Then I set the pass and reset again and it still didn't work, so then I just clicked on updates settings and the chat was reset and main was back.

 

[screenshot]

Step 1

Just being here, I added an s: http for https

>> Like this >>  https://xat.com/web_gear/chat/editgroup.php?GroupName=plai

 

Step 2

[screenshot]

 

Step 3

Still guest

[screenshot]

 

Step 4 and last

Click here

[screenshot]

 

And Main is back.

[screenshot]


  • Advanced Members

Maybe we should use a Google Doc or Trello?

 

The best solution would be Trello with its column system. (We could create 3 columns "Bugs", "Need to test", "Solved"; for bugs we can add labels "breaking bugs", "https warning").

 

What do you think, @Admin?


  • Advanced Members
1 minute ago, Brandon said:

Uh, progress has been slow on that. I'll expedite, but use another solution for now!

I can create this Trello in less than 30 seconds.

 

You just have to create an HTTPS Dashboard and add users to it.


  • Advanced Members
2 hours ago, Admin said:

 

we can try it unless there are security issues

Ok, I will edit this post once it's created.

 

The Trello is ready, please PM me your mail address to get the invitation.


  • Advanced Members

Now please keep in mind: for the sites and chat groups to be considered and flagged as "safe" by the browsers, all flash objects on the site need to be edited to be embedded with "https://" as well.

 

Since that requires you to edit the global chat group site:
Please also update the code to fix that previous spacing issue that appeared on the chat groups back in 2016, which I provided a fix for. I refined that fix for a long time for the YouTube app to display the text again when no video is playing, plus further refinements.

You could try replacing this marked code here (link) with that new code below:

td img,[height="355"]{vertical-align:middle;}


I show you the results in Chrome on Windows 10 at Loja chat, which has no custom background user CSS:

Here is before (with old code)
Here is after (with new code)

 

 

When I click a YouTube player on certain chat groups, the YouTube video at this moment doesn't load. screenshot

 

 

 

Edit: Come on! http://prntscr.com/fuuv63


This topic is now closed to further replies.