SLOom 1226 Posted July 11, 2017 12 minutes ago, Admin said: thanks ... i'll need to look at that so https off again ... Just enable it when everything should be okay. Share this post Link to post Share on other sites
Jedi 571 Posted July 11, 2017 Few others things: - https://xat.com/css/main.css -> line 346 -> background-image: url("http://xat.com/images/glyphicons-xat.png"); It should be change to https - tinypic doesn't support https, that's a problem, xat can't be 100% https if users are still using this service. - <script type="text/javascript" src="https://static.pbc.com/js/ultimatepay-api.js"></script> should be removed from buy.php since it's not used anymore + domain is dead. If someone buy it, he can inject code into buy page (oups) - https://xat.com/web_gear/chat/GetPowers.php allpowers.swf is not https - https://xat.com/web_gear/index.php it has a form http://www.xat.com/web_gear/chat.php it should be https. http://www.xatech.com/web_gear/chat/chat.swf should be called in https too. - https://xat.com/web_gear/chat.php All default background should be called via https instead of http, same for chat.swf and powers images. Line 561, you are calling a jquery function, problem is the lib is not charged yet, you should call jquery before this function. Share this post Link to post Share on other sites
SLOom 1226 Posted July 11, 2017 - https://xat.com/groups.php -> I don't know if this one has been reported but a few groups background are still using http. (See the quote) Quote Mixed Content: The page at 'https://xat.com/groups.php' was loaded over HTTPS, but requested an insecure image 'http://i1.xat.com/web_gear/chat/GetImage5.php?W=100&H=67&U=http://i.imgur.com/LhUncuQ.png'. This content should also be served over HTTPS. 12 hours ago, Jedi said: https://xat.com/web_gear/chat.php All default background should be called via https instead of http, same for chat.swf Plus update the code embed on the page since it still uses http. (chat.php) Share this post Link to post Share on other sites
SLOom 1226 Posted July 11, 2017 - Media app is still using http links. (Specially when it gets the youtube image mc.pic.loadMovie("http://img.youtube.com/vi/" + _loc3_ + "/default.jpg",mc); AND mc.pic.loadMovie("http://" + _loc8_ + ".photobucket.com/" + _loc7_,mc);) SHOULDNT BE HTTPS DIRECTLY BUT // INSTEAD! FIXED? - Grid app (30004) is still using http links and sometimes, it loads broken links. (Example : http://i.imgur.com/w5cOcAk.png) - Trade App (30008) is still using http links. (Powers images) are any of the below breaking ? -> It breaks the https yes. (That's why i added them ) - Sloom - Matchrace App (60193) is still using http links. (matchrace.as -> "http://xat.com/json/lang/lookup.php?l=" // xatlib.as -> function (SmilieUrl)) - Xavi App (20047) is still using http links. (xavi.as -> "http://xat.com/json/xavi/"; // xatlib.as -> function (SmilieUrl)) - Hearts app (60225) is still using http links. ( client.as -> "http://www.xatech.com/images/ani/" // xatlib.as -> function (SmilieUrl)) - Switch app (60239) is still using http links. ( client.as -> "http://www.xatech.com/images/ani/" // xatlib.as -> function (SmilieUrl)) - Spacewar app (60201) is still using http links. (xatinterface.as -> "http://xat.com/json/lang/lookup.php?l=" // xatlib.as -> function (SmilieUrl)) - Snakerace app (60195) is still using http links. (snakerace.as -> "http://xat.com/json/lang/lookup.php?l=" // xatlib.as -> function (SmilieUrl)) - Library seems to be loaded somewhere and it's http. (See quote) Quote Mixed Content: The page at 'https://xat.com/xat_test' was loaded over HTTPS, but requested an insecure plugin data 'http://www.xatech.com/web_gear/flash/library.swf'. This content should also be served over HTTPS. Quote Mixed Content: The page at 'https://xat.com/xat_test' was loaded over HTTPS, but requested an insecure plugin data 'http://xat.com/web_gear/flash/load.swf?a4'. This content should also be served over HTTPS. This error is coming from flag.swf since it loads external swfs for custom flag as http. (bkg.as) Quote Mixed Content: The page at 'https://xat.com/xat_test' was loaded over HTTPS, but requested an insecure plugin data 'http://www.xatech.com/images/sm2/flag/pe.swf?a'. This content should also be served over HTTPS. Share this post Link to post Share on other sites
Admin 1631 Posted July 11, 2017 2 hours ago, oj said: It works for image hosts that work with https:// ex: https://i68.tinypic.com/67048y.jpg does not work because tinypic does not work with https RIP tinypic, thanks for all the fish 8 Share this post Link to post Share on other sites
SLOom 1226 Posted July 11, 2017 Gamebans swf are still using http links. (Example: http://xat.com/web_gear/chat/snakeban + crossdomain.xml) breaking ? -> It breaks the https yes. -Sloom Share this post Link to post Share on other sites
Admin 1631 Posted July 11, 2017 thanks for the bugs, working through them. https ON again 3 Share this post Link to post Share on other sites
SLOom 1226 Posted July 11, 2017 Translate is broken (It doesn't send back the message on chat). @Admin 1 Share this post Link to post Share on other sites
TrueRedDevil 191 Posted July 11, 2017 FIXED Not sure if related but Protect seems to be broken too 1 Share this post Link to post Share on other sites
ANGY 754 Posted July 11, 2017 25 minutes ago, Admin said: and off again ! Share this post Link to post Share on other sites
SLOom 1226 Posted July 11, 2017 FIXED https needs to be changed to "//" otherwise it shows the xat planet (on the top left ...) @Admin Page : chat.php Share this post Link to post Share on other sites
LaFleur 2692 Posted July 11, 2017 Previously reported (reminder): - If you click on the drop down menu (Store and More) on the main site, https breaks due to icons. -- Breaks on Auctions page too.(requested an insecure image 'http://xat.com/images/glyphicons-xat.png'.) New: - Safety wiki page (linked in footer) break https due to http images (altough wiki already was on https before, but i suppose it doesn't harm to report it now) - Comments tab break https (xat.css and tWhite.png) Share this post Link to post Share on other sites
ider 114 Posted July 12, 2017 There is a bug here in resetting the xat to get Main owner back this doesn't Load. Share this post Link to post Share on other sites
ider 114 Posted July 12, 2017 Ok i solved the problem i just went to http://xat.com/web_gear/chat/editgroup.php?GroupName=plai <<< i Add the s >> https://xat.com/web_gear/chat/editgroup.php?GroupName=plai then i set the pass and reseted again and still didn't work so then i just click on updates settings and the chat was reset and main was back Step 1 Just being here i added an s http For https >> Like this >> https://xat.com/web_gear/chat/editgroup.php?GroupName=plai Step 2 Step 3 Still guest Step 4 and last Click here And Main is back. Share this post Link to post Share on other sites
ider 114 Posted July 12, 2017 Problem solved in spanish Share this post Link to post Share on other sites
Admin 1631 Posted July 12, 2017 do we have a forum bug tracker ? Can we use it for this ? Id like 2 categories breaking bugs and https warning bugs Share this post Link to post Share on other sites
Jedi 571 Posted July 12, 2017 Maybe we should use a google doc or trello ? The best solution would be trello with its columns system. (We could create 3 columns "Bugs", "Need to test", "Solved", about bugs we can add etiquettes "breaking bugs", "https warning"). What do you think @Admin ? 1 Share this post Link to post Share on other sites
Brandon 1472 Posted July 12, 2017 Uh, progress has been slow on that. I'll expedite, but use another solution for now! Share this post Link to post Share on other sites
Jedi 571 Posted July 12, 2017 1 minute ago, Brandon said: Uh, progress has been slow on that. I'll expedite, but use another solution for now! I can create this Trello in less than 30 seconds. You just have to create a HTTPS Dashboard and add users to it. Share this post Link to post Share on other sites
Admin 1631 Posted July 12, 2017 3 hours ago, Jedi said: What do you think @Admin ? we can try it unless there are security issues Share this post Link to post Share on other sites
Jedi 571 Posted July 12, 2017 2 hours ago, Admin said: we can try it unless there are security issues Ok, I will edit this post once it's created. The Trello is ready, please pm me your mail adress to get the invitation. Share this post Link to post Share on other sites
Voymo 15 Posted July 12, 2017 Now please keep in mind for the sites and chat groups to be considered and flagged as "safe" by the browsers all flash objects on the site need to be edited to be embedded with "https://" aswell. Since that requires you to edit the global chat group site: Please also update the code to fix that previous spacing issue that appeared on the chat groups back in 2016 I provided a fix for. I refined that fix for a long time for the YouTube app to display the text again when no video is playing and further refinements. You could try replacing this marked code here (link) with that new code below: td img,[height="355"]{vertical-align:middle;} I show you the results in Chrome on Windows 10 at Loja chat, which has no custom background user CSS: Here is before (with old code) Here is after (with new code) When I click a YouTube player on certain chat groups, the YouTube video at this moment doesn't load. screenshot Edit: Come on! http://prntscr.com/fuuv63 Share this post Link to post Share on other sites
Poke 52 Posted July 12, 2017 Not sure if this was the cause, but all game bans seem to be broken Share this post Link to post Share on other sites
