Jump to content

HTTPS rollout


Admin

Recommended Posts

  • Advanced Members
On 11/07/2017 at 1:03 PM, Jedi said:

- tinypic doesn't support https, that's a problem, xat can't be 100% https if users are still using this service.

Incorrect, tinypic and other non-ssl hosts could still be used for image hosting if xat delivered the data through their own servers (by requesting the data using their own servers, and transmitting it to the user).

A historic example of xat using their own server as a gateway to image hosts can be seen in their old GetImage5.php file (http://i0.xat.com/web_gear/chat/GetImage5.php).

 

Forcing users to adapt to an SSL supported host will only frustrate users, a very bad suggestion from you to cut Tinypic access, Jedi.

Link to comment
Share on other sites

  • Advanced Members

I don't know if it's related, but in the past weeks, when i try access reglinks of IDs in the same browser, in the ID box shows my id; (obviously if i try complete it, will say that the id is already registered)

But when i try in the anonymous mode (google chrome), it don't show the ID box, we can proceed with the registration and finish it but it don't show the ID; (causing doubts in buyers, as example)

I've noticed that it is happening with everyone and with all the IDs, so the cause it's not a reglink issue, proofs:

http://prntscr.com/fpdlzz (example in the same browser)

http://prntscr.com/fpdng6 (example in anonymous mode)

I covered the k1 and k2 due to the fact of prntscr and imgur be a public directory.

Link to comment
Share on other sites

  • Advanced Members
3 hours ago, adam_ said:

Incorrect, tinypic and other non-ssl hosts could still be used for image hosting if xat delivered the data through their own servers (by requesting the data using their own servers, and transmitting it to the user).

A historic example of xat using their own server as a gateway to image hosts can be seen in their old GetImage5.php file (http://i0.xat.com/web_gear/chat/GetImage5.php).

 

Forcing users to adapt to an SSL supported host will only frustrate users, a very bad suggestion from you to cut Tinypic access, Jedi.

That means 2 requests -> more delay to get the image.

 

1 hour ago, Stif said:

I don't know if it's related, but in the past weeks, when i try access reglinks of IDs in the same browser, in the ID box shows my id; (obviously if i try complete it, will say that the id is already registered)

But when i try in the anonymous mode (google chrome), it don't show the ID box, we can proceed with the registration and finish it but it don't show the ID; (causing doubts in buyers, as example)

I've noticed that it is happening with everyone and with all the IDs, so the cause it's not a reglink issue, proofs:

http://prntscr.com/fpdlzz (example in the same browser)

http://prntscr.com/fpdng6 (example in anonymous mode)

I covered the k1 and k2 due to the fact of prntscr and imgur be a public directory.

register.php is reading info from cookie. That's why you can register an id in anonymous mode.

Link to comment
Share on other sites

  • Advanced Members
7 hours ago, adam_ said:

Forcing users to adapt to an SSL supported host will only frustrate users, a very bad suggestion from you to cut Tinypic access, Jedi.

Its time to get rid of tinypic, its an outdated image host.

  • Award 1
Link to comment
Share on other sites

  • Advanced Members

Is this related that all kinds of flags from FLAG power don't work at this moment of posting? (ugh)

Maybe there are other smileys that do not work now, further investigations needed

Link to comment
Share on other sites

  • Advanced Members
41 minutes ago, Voymo said:

Is this related that all kinds of flags from FLAG power don't work at this moment of posting? (ugh)

Maybe there are other smileys that do not work now, further investigations needed

flags work for me (hmm) can you show them not working

Link to comment
Share on other sites

  • Advanced Members
16 minutes ago, oj said:

ok yeah it's set for https so like a couple other things it won't work on http

Well, yes and no, it should be // instead of https:// to be sure it works on http and https.

  • Award 2
Link to comment
Share on other sites

  • Advanced Members
Just now, Jedi said:

Well, yes and no, it should be // instead of https:// to be sure it works on http and https.

exactly, quite a few things are like that, notably youtube and a few other things

Link to comment
Share on other sites

  • Advanced Members
35 minutes ago, Jedi said:

Well, yes and no, it should be // instead of https:// to be sure it works on http and https.

it should not. The chat box + apps imo should be embedded with the https:// code and chat box embeds should be made so the embed code provided by xat is https aswell.

 

Since the admins seemingly plan forcing https:// on all chat groups aswell, it is imo senseless to have the embeds use http still, that breaks the use of it.

 

 

My idea would also be to just force https:// on sites like:

xat.com/login

xat.com/name

xat.com/buy

xat.com/powers

xat.com/transfergroup

xat webgear editgroup

 

all sites with password inputs. The rest could stay http imo. No need for a https chat box + apps embed then at all anymore.

 

Edit: Besides that "chat box" that is used for login purposes on xat.com/login e.g.

Link to comment
Share on other sites

  • Advanced Members
13 minutes ago, Majora said:

I disagree, // is used for urls to assume the base pages protocol, so the url would automatically work for both https and http, there is no inherent need to make them https:// directly.

The url should be flexible in the case that the site switches between https and http, things wont break due to mixed content errors.

Hmm alright, good to know. I thought // makes it http in every case. My bad.

 

Spoiler

(Sorry not used to talking to people on my level, from the german community, but you guys here partly seem to be even higher than my level LOL)

 

Link to comment
Share on other sites

  • Administrators
7 hours ago, LaFleur said:

Its time to get rid of tinypic, its an outdated image host.

 

hopefully tinypic is proxied, if not add it as bug please

 

HTTPS Back on

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.