Jump to content
Admin

HTTPS rollout

Recommended Posts

54 minutes ago, Poke said:

Not sure if this was the cause, but all game bans seem to be broken

It's reported. He will fix it.

Share this post


Link to post
Share on other sites
On 11/07/2017 at 1:03 PM, Jedi said:

- tinypic doesn't support https, that's a problem, xat can't be 100% https if users are still using this service.

Incorrect, tinypic and other non-ssl hosts could still be used for image hosting if xat delivered the data through their own servers (by requesting the data using their own servers, and transmitting it to the user).

A historic example of xat using their own server as a gateway to image hosts can be seen in their old GetImage5.php file (http://i0.xat.com/web_gear/chat/GetImage5.php).

 

Forcing users to adapt to an SSL supported host will only frustrate users, a very bad suggestion from you to cut Tinypic access, Jedi.

Share this post


Link to post
Share on other sites

I don't know if it's related, but in the past weeks, when i try access reglinks of IDs in the same browser, in the ID box shows my id; (obviously if i try complete it, will say that the id is already registered)

But when i try in the anonymous mode (google chrome), it don't show the ID box, we can proceed with the registration and finish it but it don't show the ID; (causing doubts in buyers, as example)

I've noticed that it is happening with everyone and with all the IDs, so the cause it's not a reglink issue, proofs:

http://prntscr.com/fpdlzz (example in the same browser)

http://prntscr.com/fpdng6 (example in anonymous mode)

I covered the k1 and k2 due to the fact of prntscr and imgur be a public directory.

Share this post


Link to post
Share on other sites
3 hours ago, adam_ said:

Incorrect, tinypic and other non-ssl hosts could still be used for image hosting if xat delivered the data through their own servers (by requesting the data using their own servers, and transmitting it to the user).

A historic example of xat using their own server as a gateway to image hosts can be seen in their old GetImage5.php file (http://i0.xat.com/web_gear/chat/GetImage5.php).

 

Forcing users to adapt to an SSL supported host will only frustrate users, a very bad suggestion from you to cut Tinypic access, Jedi.

That means 2 requests -> more delay to get the image.

 

1 hour ago, Stif said:

I don't know if it's related, but in the past weeks, when i try access reglinks of IDs in the same browser, in the ID box shows my id; (obviously if i try complete it, will say that the id is already registered)

But when i try in the anonymous mode (google chrome), it don't show the ID box, we can proceed with the registration and finish it but it don't show the ID; (causing doubts in buyers, as example)

I've noticed that it is happening with everyone and with all the IDs, so the cause it's not a reglink issue, proofs:

http://prntscr.com/fpdlzz (example in the same browser)

http://prntscr.com/fpdng6 (example in anonymous mode)

I covered the k1 and k2 due to the fact of prntscr and imgur be a public directory.

register.php is reading info from cookie. That's why you can register an id in anonymous mode.

Share this post


Link to post
Share on other sites
8 minutes ago, Fiona said:

@Admin

Promoting a chat group doesn't work...

o2WcbeE.gif

 

@Fiona he just fixed it, can you try again and tell me if it works ?

Share this post


Link to post
Share on other sites
Just now, Jedi said:

@Fiona he just fixed it, can you try again and tell me if it works ?

 Fixed. Thanks

  • Like 1

Share this post


Link to post
Share on other sites
7 hours ago, adam_ said:

Forcing users to adapt to an SSL supported host will only frustrate users, a very bad suggestion from you to cut Tinypic access, Jedi.

Its time to get rid of tinypic, its an outdated image host.

  • Like 1

Share this post


Link to post
Share on other sites

Is this related that all kinds of flags from FLAG power don't work at this moment of posting? (ugh)

Maybe there are other smileys that do not work now, further investigations needed

Share this post


Link to post
Share on other sites
41 minutes ago, Voymo said:

Is this related that all kinds of flags from FLAG power don't work at this moment of posting? (ugh)

Maybe there are other smileys that do not work now, further investigations needed

flags work for me (hmm) can you show them not working

Share this post


Link to post
Share on other sites
16 minutes ago, oj said:

ok yeah it's set for https so like a couple other things it won't work on http

Well, yes and no, it should be // instead of https:// to be sure it works on http and https.

  • Like 2

Share this post


Link to post
Share on other sites
Just now, Jedi said:

Well, yes and no, it should be // instead of https:// to be sure it works on http and https.

exactly, quite a few things are like that, notably youtube and a few other things

Share this post


Link to post
Share on other sites
35 minutes ago, Jedi said:

Well, yes and no, it should be // instead of https:// to be sure it works on http and https.

it should not. The chat box + apps imo should be embedded with the https:// code and chat box embeds should be made so the embed code provided by xat is https aswell.

 

Since the admins seemingly plan forcing https:// on all chat groups aswell, it is imo senseless to have the embeds use http still, that breaks the use of it.

 

 

My idea would also be to just force https:// on sites like:

xat.com/login

xat.com/name

xat.com/buy

xat.com/powers

xat.com/transfergroup

xat webgear editgroup

 

all sites with password inputs. The rest could stay http imo. No need for a https chat box + apps embed then at all anymore.

 

Edit: Besides that "chat box" that is used for login purposes on xat.com/login e.g.

Share this post


Link to post
Share on other sites
13 minutes ago, Majora said:

I disagree, // is used for urls to assume the base pages protocol, so the url would automatically work for both https and http, there is no inherent need to make them https:// directly.

The url should be flexible in the case that the site switches between https and http, things wont break due to mixed content errors.

Hmm alright, good to know. I thought // makes it http in every case. My bad.

 

Spoiler

(Sorry not used to talking to people on my level, from the german community, but you guys here partly seem to be even higher than my level LOL)

 

Share this post


Link to post
Share on other sites
5 minutes ago, Voymo said:

Hmm alright, good to know. I thought // makes it http in every case. My bad.

protocol relative url, if you load assets with // on http://xat.com it'll use http, if you load assets with // on https://xat.com it'll use https

Share this post


Link to post
Share on other sites
7 hours ago, LaFleur said:

Its time to get rid of tinypic, its an outdated image host.

 

hopefully tinypic is proxied, if not add it as bug please

 

HTTPS Back on

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.