[Aeva] Non-SSL on SSL Connection

CerealGuy

  • Posts: 343
[Aeva] Non-SSL on SSL Connection
« on May 31st, 2015, 10:31 AM »
Aeva doesn't change the embedded url to https if the user views the site over a ssl connection. Therefore you have non ssl content on a ssl encrypted page, which gets blocked by most browsers, for all other browsers it's a security issue.

Nao

  • Dadman with a boy
  • Posts: 16,079
[Aeva] Re: Non-SSL on SSL Connection
« Reply #1, on May 31st, 2015, 06:21 PM »
Kind of stuff gives me a headache...
Already had a hard time remembering how to patch wedge to support https there ;)

I'm not sure it can be done without restructuring some code. Or maybe it's just a matter of adding a byte in a regex, lol.

Not working at all on wedge these days. Busy with 100%ing Witcher 3 ;)

CerealGuy

  • Posts: 343
[Aeva] Re: Non-SSL on SSL Connection
« Reply #2, on May 31st, 2015, 09:14 PM »
Hmmm doesn't sound too good, perhaps Geralt has to kill this demon :niark:.
In the moment I'm reading the first book, which is till yet absolutely recommendable (no doubts that the rest is it too).

Nao

  • Dadman with a boy
  • Posts: 16,079
[Aeva] Re: Non-SSL on SSL Connection
« Reply #3, on June 1st, 2015, 08:22 AM »
I played through the Witcher 1 prologue years ago and disliked it. I should have insisted... Universe is so great. I'm excited to try it out again after I'm done with the third. And wedge :~¶

I'm still not a big fan of Geralt's slowish movements though!

Oh yeah and there's the TV show. It's cheap but I'll look into it. There's a HD version on YouTube.

CerealGuy

  • Posts: 343
[Aeva] Re: Non-SSL on SSL Connection
« Reply #4, on June 1st, 2015, 10:10 AM »Last edited on June 1st, 2015, 01:43 PM
The universe is fantastic, can't wait to get home and play it. But i will probably have to wait another 2 weeks till i have enough time (really enough time like 24/7 ^^).

How about adding another "magic" string (whats the proper term for this?)  like <URL>?  Something like <?HTTPS> which gets replaced with http or https depends on the users connection type.

Nao

  • Dadman with a boy
  • Posts: 16,079
[Aeva] Re: Non-SSL on SSL Connection
« Reply #5, on June 7th, 2015, 10:02 PM »
Have no idea if that's a solution.

Re TW3, I've probably accumulated 50 hours of play time, and I'm still in Act 1. Actually, I've deliberately chosen not to advance any of the three main quests, just doing some exploring. I finally went to Skellige a few days ago and it's even better than the previous regions. I've got all Gwent cards that aren't related to quests triggered later in the game. And I still can't beat some basic Skellige players. Lol. Like the innkeeper in Kaer something.

CerealGuy

  • Posts: 343
[Aeva] Re: Non-SSL on SSL Connection
« Reply #6, on June 13th, 2015, 10:33 AM »
Only started TW3 some days ago, it's fun but i'm not (anymore) a video gamer. But it was the first game where i enjoyed the dialogues and short sequences. I like it but i won't complete it. Not because of the game, i just can't pay attention to a game this long :D

Will try to make my idea on this to some code in the next days.

Nao

  • Dadman with a boy
  • Posts: 16,079
[Aeva] Re: Non-SSL on SSL Connection
« Reply #9, on September 3rd, 2015, 12:01 PM »
I stopped playing TW3 in early July because achievements were broken. Then a month (!!!!) later, they released a patch to fix achievements. Then another patch to award all missed achievements retroactively (meaning I COULD have played it in July... Yeah, not that achievements matter that much -_-), and after running that patch, they actually awarded me with the 'endgame' achievement, even though I wasn't even halfway through the game. This pissed me off a lot. Then I heard that achievements were broken AGAIN, and stopped playing again. Later I learned that the bug was only for Steam copies, not GOG copies, but I still had lost the spirit.

Basically, CDPR killed my interest in the game by patching it. I never had any bugs of any kind with the initial versions, lol. I'm confident I'll get back to finishing it at some point, maybe when they release the expansions, but I'm not paying full price for them, I'll be waiting for a better price (greenmangaming.com regularly offers the main game at ~25 euros, so it's kind of annoying that I paid way more for it only a couple of months earlier.)

As for SSL stuff, the only reason I never dropped support for IE7 and IE8 (and even IE6 to an extent) is, guess what... I spent so much time writing the CSS preprocessor specifically to get around IE bugs. Removing support for old IE would just make the system overkill, I'd say. Then again, IE9 and later still have their share of bugs, lol... And the preprocessor allows for graceful degradation of new browser features.

So, basically, I guess support for old IE could be dropped. NMS gives IE8's market share as 11%, making it undroppable, but then again NMS is Microsoft's b*tch so I wouldn't touch them with a 10-foot pole. Other websites give its stats from 3% to below 1%, so yeah, definitely droppable material at this point.

CerealGuy

  • Posts: 343
[Aeva] Re: Non-SSL on SSL Connection
« Reply #10, on September 4th, 2015, 10:46 PM »
The preprocessor is nice, really like it. Had a look at node.js the last days, and felt quite familiar with stylus and the idea of a css preprocessor. Maybe some wedge.js would be the shit and get the attention it would have deserved.

Anyways i created a pull request with a working solution, thats all i can do. If you have a better idea, any critics i will listen up and try to improve it.

Nao

  • Dadman with a boy
  • Posts: 16,079
[Aeva] Re: Non-SSL on SSL Connection
« Reply #11, on September 13th, 2015, 03:23 PM »
I absolutely loved node.js's concept and, to tell the truth, when Pete left Wedge, and I was at the peak of my love for JS (I still love it!), I seriously asked myself whether I should join an existing forum project for node.js and offer to move Wedge features to it. In the end, I decided against it because one of the goals in Wedge was to be accessible to as many admins as possible, and not everyone can use node.js on their servers.

Heck, given the current deployment state of Wedge, maybe I should have gone forward with it... ;)
(Then again, the forum project I was thinking of joining never took off, either.)

CerealGuy

  • Posts: 343
[Aeva] Re: Non-SSL on SSL Connection
« Reply #12, on September 13th, 2015, 10:46 PM »
For node.js there is only one bigger forum software, and that's nodebb (which I totally don't like, it's to "modern").
So yeah maybe you had better switched to node.js :lol:.

Umm when we're already in this topic, maybe we get ON topic again ^^
Is it possible that the short post previews on Notifications don't go through that <URL>/<PROT> replacement stuff?
If you don't know exactly, I will have a look on it...


Nao

  • Dadman with a boy
  • Posts: 16,079
[Aeva] Re: Non-SSL on SSL Connection
« Reply #13, on September 17th, 2015, 12:44 AM »
Yes, I was thinking of NodeBB, and I still like their design choices, but also think there's too much JavaScript in the whole software.
As you can see in Wedge, it has infinite scrolling, but it's WAY less annoying than the usual implementations. Best of both worlds. NodeBB goes for the 'annoying' version.

I was also thinking of esoTalk, although it's PHP-based, but JS-heavy, later it became Flarum, when the esoTalk guy was joined by a FluxBB developer (need I remind you guys that I'm a big fan of FluxBB, although I've never used it anywhere? I always liked that it completely lacked ANY JavaScript, making pages very fast to load. However, that lack of JS also means it had little to no features, and ultimately I prefer features over apparent speed; Wedge is, again, the best of both worlds in this case.)
They also launched a Kickstarter, which they failed. Flarum looks an awful LOT like NodeBB (may I say it totally copied them?), but in my opinion it looks and behaves better than NodeBB.

Still, in the end, it's all the same: just like Wedge, these are 'niche' projects, and haven't been widely deployed. Most websites keep using crap like vBulletin or phpBB. Their loss... :(

Re: post previews, I'd say yes, they go through it. Wedge tries it best to go through the output buffer replacement code for everything, including HTML generated through Ajax.