Jump to content

HTTPS rollout

Admin

By Admin,
in General Discussion

 Share Followers 14

Recommended Posts

  • Replies 182
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Popular Posts

Admin

RIP tinypic, thanks for all the fish

Admin

fixed, thanks.   Yes that's right. A deeper reason and what has drove this is that local storage is different on http and https. This has forced our hand.

Admin

https is being forced on on xat.com and xatech,com.   post here if anything breaks.

  • Bot Service Providers
Jedi

Jedi 579

Posted
  • Bot Service Providers
Posted

Few others things:

 

https://xat.com/css/main.css -> line 346 -> background-image: url("http://xat.com/images/glyphicons-xat.png"); It should be change to https

- tinypic doesn't support https, that's a problem, xat can't be 100% https if users are still using this service.

- <script type="text/javascript" src="https://static.pbc.com/js/ultimatepay-api.js"></script> should be removed from buy.php since it's not used anymore + domain is dead. If someone buy it, he can inject code into buy page (oups)

https://xat.com/web_gear/chat/GetPowers.php allpowers.swf is not https

https://xat.com/web_gear/index.php it has a form http://www.xat.com/web_gear/chat.php it should be https. http://www.xatech.com/web_gear/chat/chat.swf should be called in https too.

https://xat.com/web_gear/chat.php All default background should be called via https instead of http, same for chat.swf and powers images. Line 561, you are calling a jquery function, problem is the lib is not charged yet, you should call jquery before this function.

Link to post
Share on other sites
  • Game Makers
SLOom

SLOom 1,341

Posted
  • Game Makers
Posted

https://xat.com/groups.php -> I don't know if this one has been reported but a few groups background are still using http. (See the quote)

 

Quote

Mixed Content: The page at 'https://xat.com/groups.php' was loaded over HTTPS, but requested an insecure image 'http://i1.xat.com/web_gear/chat/GetImage5.php?W=100&H=67&U=http://i.imgur.com/LhUncuQ.png'. This content should also be served over HTTPS.

 

12 hours ago, Jedi said:

https://xat.com/web_gear/chat.php All default background should be called via https instead of http, same for chat.swf

 

Plus update the code embed on the page since it still uses http. (chat.php)

Link to post
Share on other sites
  • Game Makers
SLOom

SLOom 1,341

Posted
  • Game Makers
Posted

- Media app is still using http links. (Specially when it gets the youtube image mc.pic.loadMovie("http://img.youtube.com/vi/" + _loc3_ + "/default.jpg",mc); AND mc.pic.loadMovie("http://" + _loc8_ + ".photobucket.com/" + _loc7_,mc);) SHOULDNT BE HTTPS DIRECTLY BUT // INSTEAD!

FIXED? - Grid app (30004) is still using http links and sometimes, it loads broken links. (Examplehttp://i.imgur.com/w5cOcAk.png)

- Trade App (30008) is still using http links. (Powers images)

 

are any of the below breaking ? -> It breaks the https yes. (That's why i added them (d) ) - Sloom

 

- Matchrace App (60193) is still using http links.  (matchrace.as -> "http://xat.com/json/lang/lookup.php?l=" // xatlib.as -> function (SmilieUrl))

- Xavi App (20047) is still using http links. (xavi.as -> "http://xat.com/json/xavi/"; // xatlib.as -> function (SmilieUrl))

- Hearts app (60225) is still using http links. ( client.as -> "http://www.xatech.com/images/ani/" // xatlib.as -> function (SmilieUrl))

- Switch app (60239) is still using http links.  ( client.as -> "http://www.xatech.com/images/ani/" // xatlib.as -> function (SmilieUrl))

- Spacewar app (60201) is still using http links. (xatinterface.as -> "http://xat.com/json/lang/lookup.php?l=" // xatlib.as -> function (SmilieUrl))

- Snakerace app (60195) is still using http links. (snakerace.as -> "http://xat.com/json/lang/lookup.php?l=" // xatlib.as -> function (SmilieUrl))

- Library seems to be loaded somewhere and it's http. (See quote)

 

Quote

Mixed Content: The page at 'https://xat.com/xat_test' was loaded over HTTPS, but requested an insecure plugin data 'http://www.xatech.com/web_gear/flash/library.swf'. This content should also be served over HTTPS.

 

Quote

Mixed Content: The page at 'https://xat.com/xat_test' was loaded over HTTPS, but requested an insecure plugin data 'http://xat.com/web_gear/flash/load.swf?a4'. This content should also be served over HTTPS.

 

This error is coming from flag.swf since it loads external swfs for custom flag as http. (bkg.as)

 

Quote

Mixed Content: The page at 'https://xat.com/xat_test' was loaded over HTTPS, but requested an insecure plugin data 'http://www.xatech.com/images/sm2/flag/pe.swf?a'. This content should also be served over HTTPS.

 

Link to post
Share on other sites
  • Volunteers
LaFleur

LaFleur 3,168

Posted
  • Volunteers
Posted

Previously reported (reminder):

- If you click on the drop down menu (Store and More) on the main site, https breaks due to icons. 

-- Breaks on Auctions page too.(requested an insecure image 'http://xat.com/images/glyphicons-xat.png'.)

New:

- Safety wiki page (linked in footer) break https due to http images (altough wiki already was on https before, but i suppose it doesn't harm to report it now)

- Comments tab break https (xat.css and tWhite.png)

WQc5i-oqRymj2aWgT10ZIQ.jpeg

Link to post
Share on other sites
  • Advanced Members
ider

ider 119

Posted
  • Advanced Members
Posted

Ok i solved the problem i just went to http://xat.com/web_gear/chat/editgroup.php?GroupName=plai <<< i Add the s   >>  https://xat.com/web_gear/chat/editgroup.php?GroupName=plai

then i set the pass and  reseted again and still didn't work so then i just click  on updates settings  and the chat was reset and main was back

 

EakSl6f3S06sDqLRyaX1aA.png    

Step 1

Just being here i added an s  http For https

>> Like this >>  https://xat.com/web_gear/chat/editgroup.php?GroupName=plai

 

Step 2

hm4gCslSTHemBYiad8KCQA.png

 

Step 3

Still guest

zAQ79cJGT5CsZoGDSgBTUg.png

 

Step 4 and last

Click here

MpeacNUwSS6tQ-sJT1m0JA.png

 

And Main  is back.

Y-Dwjv7PTtWppJjGFEz8lQ.png

Link to post
Share on other sites
  • Bot Service Providers
Jedi

Jedi 579

Posted
  • Bot Service Providers
Posted

Maybe we should use a google doc or trello ?

 

The best solution would be trello with its columns system. (We could create 3 columns "Bugs", "Need to test", "Solved", about bugs we can add etiquettes "breaking bugs", "https warning").

 

What do you think @Admin ?

  • Award 1
Link to post
Share on other sites
  • Bot Service Providers
Jedi

Jedi 579

Posted
  • Bot Service Providers
Posted
1 minute ago, Brandon said:

Uh, progress has been slow on that. I'll expedite, but use another solution for now!

I can create this Trello in less than 30 seconds.

 

You just have to create a HTTPS Dashboard and add users to it.

Link to post
Share on other sites
  • Bot Service Providers
Jedi

Jedi 579

Posted
  • Bot Service Providers
Posted
2 hours ago, Admin said:

 

we can try it unless there are security issues

Ok, I will edit this post once it's created.

 

The Trello is ready, please pm me your mail adress to get the invitation.

Link to post
Share on other sites
  • Advanced Members
Voymo

Voymo 34

Posted
  • Advanced Members
Posted

Now please keep in mind for the sites and chat groups to be considered and flagged as "safe" by the browsers all flash objects on the site need to be edited to be embedded with "https://" aswell.

 

Since that requires you to edit the global chat group site:
Please also update the code to fix that previous spacing issue that appeared on the chat groups back in 2016 I provided a fix for. I refined that fix for a long time for the YouTube app to display the text again when no video is playing and further refinements.

You could try replacing this marked code here (link) with that new code below: 

td img,[height="355"]{vertical-align:middle;}


I show you the results in Chrome on Windows 10 at Loja chat, which has no custom background user CSS:

Here is before (with old code)
Here is after (with new code)

 

 

When I click a YouTube player on certain chat groups, the YouTube video at this moment doesn't load. screenshot

 

 

 

Edit: Come on! http://prntscr.com/fuuv63

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Followers 14
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.

  I accept