#157: https doesn't work correctly on fedoramagazine.org -----------------------------+------------------------------ Reporter: sparks | Owner: chrisroberts Type: task | Status: new Priority: major | Milestone: Future releases Component: Fedora Magazine | Severity: urgent Keywords: | Blocked By: Blocking: | -----------------------------+------------------------------ When forcing https on fedoramagazine.org it appears to break CSS.
#157: https doesn't work correctly on fedoramagazine.org ------------------------------+----------------------------- Reporter: sparks | Owner: chrisroberts Type: task | Status: closed Priority: major | Milestone: Future releases Component: Fedora Magazine | Severity: urgent Resolution: wontfix | Keywords: Blocked By: | Blocking: ------------------------------+----------------------------- Changes (by chrisroberts):
* status: new => closed * resolution: => wontfix
Comment:
Https is not needed on the site since auth is going through FAS for users. If we decided to change from FAS or change the infrastructure behind the Magazine this ticket can be revisited. Marking as wontfix.
#157: https doesn't work correctly on fedoramagazine.org ------------------------------+----------------------------- Reporter: sparks | Owner: chrisroberts Type: task | Status: reopened Priority: major | Milestone: Future releases Component: Fedora Magazine | Severity: urgent Resolution: | Keywords: Blocked By: | Blocking: ------------------------------+----------------------------- Changes (by sparks):
* status: closed => reopened * resolution: wontfix =>
Comment:
Actually, HTTPS is needed to keep the authentication tickets a secret. It's fine that FAS authentication is encrypted but when the ticket is passed around for authentication purposes in WP in the clear it leaves your authentication open for attack (and could leave other services vulnerable that use FAS for auth). This is a known attack vector and I believe we've seen some attacks in the wild with this.
#157: https doesn't work correctly on fedoramagazine.org ------------------------------+----------------------------- Reporter: sparks | Owner: chrisroberts Type: task | Status: reopened Priority: major | Milestone: Future releases Component: Fedora Magazine | Severity: urgent Resolution: | Keywords: Blocked By: | Blocking: ------------------------------+-----------------------------
Comment (by ankursinha):
Hiya,
I see that https still causes the rendering to break. Chris, will this remain a wontfix?
#157: https doesn't work correctly on fedoramagazine.org ------------------------------+----------------------------- Reporter: sparks | Owner: chrisroberts Type: task | Status: reopened Priority: major | Milestone: Future releases Component: Fedora Magazine | Severity: urgent Resolution: | Keywords: Blocked By: | Blocking: ------------------------------+-----------------------------
Comment (by mailga):
Please consider also https://fedorahosted.org/marketing-team/ticket/171
#157: https doesn't work correctly on fedoramagazine.org ------------------------------+----------------------------- Reporter: sparks | Owner: chrisroberts Type: task | Status: reopened Priority: major | Milestone: Future releases Component: Fedora Magazine | Severity: urgent Resolution: | Keywords: Blocked By: | Blocking: ------------------------------+-----------------------------
Comment (by jflory7):
Hi all,
Not sure where the status on this is right now. I've noticed it seems SSL is the default on the Magazine, but WordPress images are not being served over SSL, which causes browsers to complain about the page being insecure. Not sure how difficult this is, but as far as I know, this is really the only blocking element to being 100% SSL-ready for the Magazine?
Thanks!
#157: https doesn't work correctly on fedoramagazine.org ------------------------------+----------------------------- Reporter: sparks | Owner: chrisroberts Type: task | Status: reopened Priority: major | Milestone: Future releases Component: Fedora Magazine | Severity: urgent Resolution: | Keywords: Blocked By: | Blocking: ------------------------------+-----------------------------
Comment (by till):
maybe you can use the communityblog configuration also for the magazine since it supports https now properly: https://communityblog.fedoraproject.org/
#157: https doesn't work correctly on fedoramagazine.org ------------------------------+----------------------------- Reporter: sparks | Owner: chrisroberts Type: task | Status: reopened Priority: major | Milestone: Future releases Component: Fedora Magazine | Severity: urgent Resolution: | Keywords: Blocked By: | Blocking: ------------------------------+-----------------------------
Comment (by till):
Also please do not forget to set the authentication cookies to be secure and enable http strict transport security once https is properly configured.
#157: https doesn't work correctly on fedoramagazine.org ------------------------------+----------------------------- Reporter: sparks | Owner: chrisroberts Type: task | Status: reopened Priority: major | Milestone: Future releases Component: Fedora Magazine | Severity: urgent Resolution: | Keywords: Blocked By: | Blocking: ------------------------------+-----------------------------
Comment (by jflory7):
This ticket was brought up in the weekly Magazine meeting tonight. Featured images are being served over SSL but not content images like screenshots found in [https://fedoramagazine.org/never-leave-irc-znc/ this article].
puiterwijk is taking a look at it now.
#157: https doesn't work correctly on fedoramagazine.org ------------------------------+----------------------------- Reporter: sparks | Owner: chrisroberts Type: task | Status: reopened Priority: major | Milestone: Future releases Component: Fedora Magazine | Severity: urgent Resolution: | Keywords: Blocked By: | Blocking: ------------------------------+-----------------------------
Comment (by cydrobolt):
This seems to work for me in Chrome 46 on Fedora 23, and also in Firefox. Has this been fixed?
#157: https doesn't work correctly on fedoramagazine.org ------------------------------+----------------------------- Reporter: sparks | Owner: chrisroberts Type: task | Status: closed Priority: major | Milestone: Future releases Component: Fedora Magazine | Severity: urgent Resolution: fixed | Keywords: Blocked By: | Blocking: ------------------------------+----------------------------- Changes (by puiterwijk):
* resolution: => fixed * status: reopened => closed
Comment:
The Fedora Magazine articles have now all been fixed, and this issue should be resolved. Please reopen the ticket if you find any images or references that are still broken.
#157: https doesn't work correctly on fedoramagazine.org ------------------------------+----------------------------- Reporter: sparks | Owner: chrisroberts Type: task | Status: closed Priority: major | Milestone: Future releases Component: Fedora Magazine | Severity: urgent Resolution: fixed | Keywords: Blocked By: | Blocking: ------------------------------+-----------------------------
Comment (by puiterwijk):
Note: sslonly and HTTP Strict Transport Security will be enabled by the end of this week.
After that is enabled, people will not be able to visit the magazine through non-secured channels anymore.
#157: https doesn't work correctly on fedoramagazine.org ------------------------------+----------------------------- Reporter: sparks | Owner: chrisroberts Type: task | Status: closed Priority: major | Milestone: Future releases Component: Fedora Magazine | Severity: urgent Resolution: fixed | Keywords: Blocked By: | Blocking: ------------------------------+-----------------------------
Comment (by jflory7):
Replying to [comment:11 puiterwijk]:
Note: sslonly and HTTP Strict Transport Security will be enabled by the
end of this week.
After that is enabled, people will not be able to visit the magazine
through non-secured channels anymore. Awesome news, thanks again Patrick!
marketing@lists.fedoraproject.org