Jump to content
📢 Flash has been removed by Adobe. We continue with the new xat chat! More information ×

HTTPS rollout

Admin

By Admin,
in General Discussion

 Share Followers 14

Recommended Posts

  • Replies 182
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Popular Posts

Admin

RIP tinypic, thanks for all the fish

Admin

fixed, thanks.   Yes that's right. A deeper reason and what has drove this is that local storage is different on http and https. This has forced our hand.

Admin

https is being forced on on xat.com and xatech,com.   post here if anything breaks.

  • Advanced Members
adam_

adam_ 89

Posted
  • Advanced Members
Posted
On 11/07/2017 at 1:03 PM, Jedi said:

- tinypic doesn't support https, that's a problem, xat can't be 100% https if users are still using this service.

Incorrect, tinypic and other non-ssl hosts could still be used for image hosting if xat delivered the data through their own servers (by requesting the data using their own servers, and transmitting it to the user).

A historic example of xat using their own server as a gateway to image hosts can be seen in their old GetImage5.php file (http://i0.xat.com/web_gear/chat/GetImage5.php).

 

Forcing users to adapt to an SSL supported host will only frustrate users, a very bad suggestion from you to cut Tinypic access, Jedi.

Link to post
Share on other sites
  • Advanced Members
Stif2

Stif2 151

Posted
  • Advanced Members
Posted

I don't know if it's related, but in the past weeks, when i try access reglinks of IDs in the same browser, in the ID box shows my id; (obviously if i try complete it, will say that the id is already registered)

But when i try in the anonymous mode (google chrome), it don't show the ID box, we can proceed with the registration and finish it but it don't show the ID; (causing doubts in buyers, as example)

I've noticed that it is happening with everyone and with all the IDs, so the cause it's not a reglink issue, proofs:

http://prntscr.com/fpdlzz (example in the same browser)

http://prntscr.com/fpdng6 (example in anonymous mode)

I covered the k1 and k2 due to the fact of prntscr and imgur be a public directory.

Link to post
Share on other sites
  • Bot Service Providers
Jedi

Jedi 579

Posted
  • Bot Service Providers
Posted
3 hours ago, adam_ said:

Incorrect, tinypic and other non-ssl hosts could still be used for image hosting if xat delivered the data through their own servers (by requesting the data using their own servers, and transmitting it to the user).

A historic example of xat using their own server as a gateway to image hosts can be seen in their old GetImage5.php file (http://i0.xat.com/web_gear/chat/GetImage5.php).

 

Forcing users to adapt to an SSL supported host will only frustrate users, a very bad suggestion from you to cut Tinypic access, Jedi.

That means 2 requests -> more delay to get the image.

 

1 hour ago, Stif said:

I don't know if it's related, but in the past weeks, when i try access reglinks of IDs in the same browser, in the ID box shows my id; (obviously if i try complete it, will say that the id is already registered)

But when i try in the anonymous mode (google chrome), it don't show the ID box, we can proceed with the registration and finish it but it don't show the ID; (causing doubts in buyers, as example)

I've noticed that it is happening with everyone and with all the IDs, so the cause it's not a reglink issue, proofs:

http://prntscr.com/fpdlzz (example in the same browser)

http://prntscr.com/fpdng6 (example in anonymous mode)

I covered the k1 and k2 due to the fact of prntscr and imgur be a public directory.

register.php is reading info from cookie. That's why you can register an id in anonymous mode.

Link to post
Share on other sites
  • Volunteers
LaFleur

LaFleur 3,119

Posted
  • Volunteers
Posted
7 hours ago, adam_ said:

Forcing users to adapt to an SSL supported host will only frustrate users, a very bad suggestion from you to cut Tinypic access, Jedi.

Its time to get rid of tinypic, its an outdated image host.

  • Award 1
Link to post
Share on other sites
  • Wiki Translators
Voymo

Voymo 34

Posted
  • Wiki Translators
Posted

Is this related that all kinds of flags from FLAG power don't work at this moment of posting? (ugh)

Maybe there are other smileys that do not work now, further investigations needed

Link to post
Share on other sites
  • Advanced Members
oj

oj 476

Posted
  • Advanced Members
Posted
41 minutes ago, Voymo said:

Is this related that all kinds of flags from FLAG power don't work at this moment of posting? (ugh)

Maybe there are other smileys that do not work now, further investigations needed

flags work for me (hmm) can you show them not working

Link to post
Share on other sites
  • Bot Service Providers
Jedi

Jedi 579

Posted
  • Bot Service Providers
Posted
16 minutes ago, oj said:

ok yeah it's set for https so like a couple other things it won't work on http

Well, yes and no, it should be // instead of https:// to be sure it works on http and https.

  • Award 2
Link to post
Share on other sites
  • Advanced Members
oj

oj 476

Posted
  • Advanced Members
Posted
Just now, Jedi said:

Well, yes and no, it should be // instead of https:// to be sure it works on http and https.

exactly, quite a few things are like that, notably youtube and a few other things

Link to post
Share on other sites
  • Wiki Translators
Voymo

Voymo 34

Posted
  • Wiki Translators
Posted
35 minutes ago, Jedi said:

Well, yes and no, it should be // instead of https:// to be sure it works on http and https.

it should not. The chat box + apps imo should be embedded with the https:// code and chat box embeds should be made so the embed code provided by xat is https aswell.

 

Since the admins seemingly plan forcing https:// on all chat groups aswell, it is imo senseless to have the embeds use http still, that breaks the use of it.

 

 

My idea would also be to just force https:// on sites like:

xat.com/login

xat.com/name

xat.com/buy

xat.com/powers

xat.com/transfergroup

xat webgear editgroup

 

all sites with password inputs. The rest could stay http imo. No need for a https chat box + apps embed then at all anymore.

 

Edit: Besides that "chat box" that is used for login purposes on xat.com/login e.g.

Link to post
Share on other sites
  • Members
  • Popular Post
Majora

Majora 26

Posted
  • Members
  • Popular Post
Posted
23 minutes ago, Voymo said:

it should not. The chat box + apps imo should be embedded with the https:// code and chat box embeds should be made so the embed code provided by xat is https aswell.

 

Since the admins seemingly plan forcing https:// on all chat groups aswell, it is imo senseless to have the embeds use http still, that breaks the use of it.

 

 

My idea would also be to just force https:// on sites like:

xat.com/login

xat.com/name

xat.com/buy

xat.com/powers

xat.com/transfergroup

xat webgear editgroup

 

all sites with password inputs. The rest could stay http imo. No need for a https chat box + apps embed then at all anymore.

 

Edit: Besides that "chat box" that is used for login purposes on xat.com/login e.g.

I disagree, // is used for urls to assume the base pages protocol, so the url would automatically work for both https and http, there is no inherent need to make them https:// directly.

The url should be flexible in the case that the site switches between https and http, things wont break due to mixed content errors.

  • Award 6
Link to post
Share on other sites
  • Wiki Translators
Voymo

Voymo 34

Posted
  • Wiki Translators
Posted
13 minutes ago, Majora said:

I disagree, // is used for urls to assume the base pages protocol, so the url would automatically work for both https and http, there is no inherent need to make them https:// directly.

The url should be flexible in the case that the site switches between https and http, things wont break due to mixed content errors.

Hmm alright, good to know. I thought // makes it http in every case. My bad.

 

Spoiler

(Sorry not used to talking to people on my level, from the german community, but you guys here partly seem to be even higher than my level LOL)

 

Link to post
Share on other sites
  • Administrators
Admin

Admin 1,662

Posted
  • Author
  • Administrators
Posted
7 hours ago, LaFleur said:

Its time to get rid of tinypic, its an outdated image host.

 

hopefully tinypic is proxied, if not add it as bug please

 

HTTPS Back on

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Followers 14
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.

  I accept