Jump to content
Admin

HTTPS rollout

Recommended Posts

12 minutes ago, Admin said:

 

thanks ...

 

i'll need to look at that so https off again ...

 

Just enable it when everything should be okay. (d) 

Share this post


Link to post
Share on other sites

Few others things:

 

https://xat.com/css/main.css -> line 346 -> background-image: url("http://xat.com/images/glyphicons-xat.png"); It should be change to https

- tinypic doesn't support https, that's a problem, xat can't be 100% https if users are still using this service.

- <script type="text/javascript" src="https://static.pbc.com/js/ultimatepay-api.js"></script> should be removed from buy.php since it's not used anymore + domain is dead. If someone buy it, he can inject code into buy page (oups)

https://xat.com/web_gear/chat/GetPowers.php allpowers.swf is not https

https://xat.com/web_gear/index.php it has a form http://www.xat.com/web_gear/chat.php it should be https. http://www.xatech.com/web_gear/chat/chat.swf should be called in https too.

https://xat.com/web_gear/chat.php All default background should be called via https instead of http, same for chat.swf and powers images. Line 561, you are calling a jquery function, problem is the lib is not charged yet, you should call jquery before this function.

Share this post


Link to post
Share on other sites

https://xat.com/groups.php -> I don't know if this one has been reported but a few groups background are still using http. (See the quote)

 

Quote

Mixed Content: The page at 'https://xat.com/groups.php' was loaded over HTTPS, but requested an insecure image 'http://i1.xat.com/web_gear/chat/GetImage5.php?W=100&H=67&U=http://i.imgur.com/LhUncuQ.png'. This content should also be served over HTTPS.

 

12 hours ago, Jedi said:

https://xat.com/web_gear/chat.php All default background should be called via https instead of http, same for chat.swf

 

Plus update the code embed on the page since it still uses http. (chat.php)

Share this post


Link to post
Share on other sites

- Media app is still using http links. (Specially when it gets the youtube image mc.pic.loadMovie("http://img.youtube.com/vi/" + _loc3_ + "/default.jpg",mc); AND mc.pic.loadMovie("http://" + _loc8_ + ".photobucket.com/" + _loc7_,mc);) SHOULDNT BE HTTPS DIRECTLY BUT // INSTEAD!

FIXED? - Grid app (30004) is still using http links and sometimes, it loads broken links. (Examplehttp://i.imgur.com/w5cOcAk.png)

- Trade App (30008) is still using http links. (Powers images)

 

are any of the below breaking ? -> It breaks the https yes. (That's why i added them (d) ) - Sloom

 

- Matchrace App (60193) is still using http links.  (matchrace.as -> "http://xat.com/json/lang/lookup.php?l=" // xatlib.as -> function (SmilieUrl))

- Xavi App (20047) is still using http links. (xavi.as -> "http://xat.com/json/xavi/"; // xatlib.as -> function (SmilieUrl))

- Hearts app (60225) is still using http links. ( client.as -> "http://www.xatech.com/images/ani/" // xatlib.as -> function (SmilieUrl))

- Switch app (60239) is still using http links.  ( client.as -> "http://www.xatech.com/images/ani/" // xatlib.as -> function (SmilieUrl))

- Spacewar app (60201) is still using http links. (xatinterface.as -> "http://xat.com/json/lang/lookup.php?l=" // xatlib.as -> function (SmilieUrl))

- Snakerace app (60195) is still using http links. (snakerace.as -> "http://xat.com/json/lang/lookup.php?l=" // xatlib.as -> function (SmilieUrl))

- Library seems to be loaded somewhere and it's http. (See quote)

 

Quote

Mixed Content: The page at 'https://xat.com/xat_test' was loaded over HTTPS, but requested an insecure plugin data 'http://www.xatech.com/web_gear/flash/library.swf'. This content should also be served over HTTPS.

 

Quote

Mixed Content: The page at 'https://xat.com/xat_test' was loaded over HTTPS, but requested an insecure plugin data 'http://xat.com/web_gear/flash/load.swf?a4'. This content should also be served over HTTPS.

 

This error is coming from flag.swf since it loads external swfs for custom flag as http. (bkg.as)

 

Quote

Mixed Content: The page at 'https://xat.com/xat_test' was loaded over HTTPS, but requested an insecure plugin data 'http://www.xatech.com/images/sm2/flag/pe.swf?a'. This content should also be served over HTTPS.

 

Share this post


Link to post
Share on other sites

thanks for the bugs, working through them.

 

https ON again

  • Like 3

Share this post


Link to post
Share on other sites

FIXED

 

https needs to be changed to "//" otherwise it shows the xat planet (on the top left ...) @Admin

 

Page : chat.php

 

jrtJuq0.png jc0x0GY.gif

Share this post


Link to post
Share on other sites

Previously reported (reminder):

- If you click on the drop down menu (Store and More) on the main site, https breaks due to icons. 

-- Breaks on Auctions page too.(requested an insecure image 'http://xat.com/images/glyphicons-xat.png'.)

New:

- Safety wiki page (linked in footer) break https due to http images (altough wiki already was on https before, but i suppose it doesn't harm to report it now)

- Comments tab break https (xat.css and tWhite.png)

WQc5i-oqRymj2aWgT10ZIQ.jpeg

Share this post


Link to post
Share on other sites

There is a bug here in resetting the xat to get Main owner back this doesn't Load.

rlS04M_GQbqXfjStqrMv4A.png

Share this post


Link to post
Share on other sites

Ok i solved the problem i just went to http://xat.com/web_gear/chat/editgroup.php?GroupName=plai <<< i Add the s   >>  https://xat.com/web_gear/chat/editgroup.php?GroupName=plai

then i set the pass and  reseted again and still didn't work so then i just click  on updates settings  and the chat was reset and main was back

 

EakSl6f3S06sDqLRyaX1aA.png    

Step 1

Just being here i added an s  http For https

>> Like this >>  https://xat.com/web_gear/chat/editgroup.php?GroupName=plai

 

Step 2

hm4gCslSTHemBYiad8KCQA.png

 

Step 3

Still guest

zAQ79cJGT5CsZoGDSgBTUg.png

 

Step 4 and last

Click here

MpeacNUwSS6tQ-sJT1m0JA.png

 

And Main  is back.

Y-Dwjv7PTtWppJjGFEz8lQ.png

Share this post


Link to post
Share on other sites

do we have a forum bug tracker ? Can we use it for this ?

 

Id like 2 categories

 

breaking bugs

 

and https warning bugs

Share this post


Link to post
Share on other sites

Maybe we should use a google doc or trello ?

 

The best solution would be trello with its columns system. (We could create 3 columns "Bugs", "Need to test", "Solved", about bugs we can add etiquettes "breaking bugs", "https warning").

 

What do you think @Admin ?

  • Like 1

Share this post


Link to post
Share on other sites

Uh, progress has been slow on that. I'll expedite, but use another solution for now!

Share this post


Link to post
Share on other sites
1 minute ago, Brandon said:

Uh, progress has been slow on that. I'll expedite, but use another solution for now!

I can create this Trello in less than 30 seconds.

 

You just have to create a HTTPS Dashboard and add users to it.

Share this post


Link to post
Share on other sites
3 hours ago, Jedi said:

What do you think @Admin ?

 

we can try it unless there are security issues

Share this post


Link to post
Share on other sites
2 hours ago, Admin said:

 

we can try it unless there are security issues

Ok, I will edit this post once it's created.

 

The Trello is ready, please pm me your mail adress to get the invitation.

Share this post


Link to post
Share on other sites

Now please keep in mind for the sites and chat groups to be considered and flagged as "safe" by the browsers all flash objects on the site need to be edited to be embedded with "https://" aswell.

 

Since that requires you to edit the global chat group site:
Please also update the code to fix that previous spacing issue that appeared on the chat groups back in 2016 I provided a fix for. I refined that fix for a long time for the YouTube app to display the text again when no video is playing and further refinements.

You could try replacing this marked code here (link) with that new code below:

td img,[height="355"]{vertical-align:middle;}


I show you the results in Chrome on Windows 10 at Loja chat, which has no custom background user CSS:

Here is before (with old code)
Here is after (with new code)

 

 

When I click a YouTube player on certain chat groups, the YouTube video at this moment doesn't load. screenshot

 

 

 

Edit: Come on! http://prntscr.com/fuuv63

Share this post


Link to post
Share on other sites

Not sure if this was the cause, but all game bans seem to be broken

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.