<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";
mso-fareast-language:EN-GB;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;
mso-fareast-language:EN-US;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
span.EmailStyle21
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.EmailStyle22
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:#1F497D;}
span.EmailStyle23
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-GB link="#0563C1" vlink="#954F72"><div class=WordSection1><p class=MsoNormal>No nothing essential to do with the current codebase unless I’m missing something. Although Tom and I have previously discussed the need for changes re https etc for different reasons. More important at the moment to plan and develop some in advance guidance that this is the way it’s going and what to do short term and longer term in preparation for this e.g. changing configuration and ensuring existing links and embeds still work and login works etc.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>For instance at the moment if you view your page types example via https rather than http you’ll probably find it still works fine. However if you login via https it will login but not display the workspace correctly. That’s easy to fix if you know how but in some cases at least the user community will need guidance.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Perhaps a topic for our planned developer days.<o:p></o:p></p><p class=MsoNormal><a name="_MailEndCompose"><o:p> </o:p></a></p><span style='mso-bookmark:_MailEndCompose'></span><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal><b><span lang=EN-US style='mso-fareast-language:EN-GB'>From:</span></b><span lang=EN-US style='mso-fareast-language:EN-GB'> xerte-dev-bounces@lists.nottingham.ac.uk [mailto:xerte-dev-bounces@lists.nottingham.ac.uk] <b>On Behalf Of </b>Julian Tenney<br><b>Sent:</b> 18 January 2017 08:55<br><b>To:</b> For Xerte technical developers <xerte-dev@lists.nottingham.ac.uk>; robb@interlin.nl<br><b>Subject:</b> [Xerte-dev] Re: Future Chrome release and how it will treat non SSL sites<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><span style='color:#1F497D'>Do we need to make changes and a release to make https the default for new installs?<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>I don’t fully understand it, so sorry if that’s the wrong question.<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal><b><span lang=EN-US style='mso-fareast-language:EN-GB'>From:</span></b><span lang=EN-US style='mso-fareast-language:EN-GB'> <a href="mailto:xerte-dev-bounces@lists.nottingham.ac.uk">xerte-dev-bounces@lists.nottingham.ac.uk</a> [<a href="mailto:xerte-dev-bounces@lists.nottingham.ac.uk">mailto:xerte-dev-bounces@lists.nottingham.ac.uk</a>] <b>On Behalf Of </b>Ron Mitchell<br><b>Sent:</b> 17 January 2017 20:56<br><b>To:</b> <a href="mailto:robb@interlin.nl">robb@interlin.nl</a>; For Xerte technical developers <<a href="mailto:xerte-dev@lists.nottingham.ac.uk">xerte-dev@lists.nottingham.ac.uk</a>><br><b>Subject:</b> [Xerte-dev] Re: Future Chrome release and how it will treat non SSL sites<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><div><p class=MsoNormal>XOT already works if the server and installation is set to use https whether that be paid for certs or letsencrypt. But to date it's been up to whoever looks after the installation and there are disadvantages with using https too e.g embedding external non https content. My reason for mentioning this is that we probably need to put together some advice and guidance while it's still optional rather than essential, including how people switch their installations without breaking existing links and embeds etc.<br>Cheers<span style='font-size:12.0pt;mso-fareast-language:EN-GB'><o:p></o:p></span></p></div><div id=AppleMailSignature><p class=MsoNormal>Ron<o:p></o:p></p></div><div><p class=MsoNormal style='margin-bottom:12.0pt'><br>On 17 Jan 2017, at 20:37, robb <<a href="mailto:robb@interlin.nl">robb@interlin.nl</a>> wrote:<o:p></o:p></p></div><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><div><p>I think XoT should be accessed through SSL only. A good option would be to support <a href="https://letsencrypt.org/">letsencrypt</a> by default.<o:p></o:p></p><p>regards,<o:p></o:p></p><p>Rob<o:p></o:p></p><div><p class=MsoNormal>Op 17-01-17 om 18:23 schreef Ron Mitchell:<o:p></o:p></p></div><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p class=MsoNormal>Hi all<o:p></o:p></p><p class=MsoNormal>Just reading this <a href="https://www.wordfence.com/blog/2017/01/chrome-56-ssl-https-wordpress/">https://www.wordfence.com/blog/2017/01/chrome-56-ssl-https-wordpress/</a> and suspect we should put a similar advisory together re Xerte installations and SSL etc.<o:p></o:p></p><p class=MsoNormal>What do you think?<o:p></o:p></p><p class=MsoNormal>Ron<o:p></o:p></p><pre>This message and any attachment are intended solely for the addressee<o:p></o:p></pre><pre>and may contain confidential information. If you have received this<o:p></o:p></pre><pre>message in error, please send it back to me, and immediately delete it. <o:p></o:p></pre><pre><o:p> </o:p></pre><pre>Please do not use, copy or disclose the information contained in this<o:p></o:p></pre><pre>message or in any attachment. Any views or opinions expressed by the<o:p></o:p></pre><pre>author of this email do not necessarily reflect the views of the<o:p></o:p></pre><pre>University of Nottingham.<o:p></o:p></pre><pre><o:p> </o:p></pre><pre>This message has been checked for viruses but the contents of an<o:p></o:p></pre><pre>attachment may still contain software viruses which could damage your<o:p></o:p></pre><pre>computer system, you are advised to perform your own checks. Email<o:p></o:p></pre><pre>communications with the University of Nottingham may be monitored as<o:p></o:p></pre><pre>permitted by UK legislation.<o:p></o:p></pre><p class=MsoNormal style='margin-bottom:12.0pt'><span style='font-size:12.0pt;font-family:"Times New Roman",serif;mso-fareast-language:EN-GB'><br>-- <br>This message has been scanned for viruses and <br>dangerous content by <a href="http://www.mailscanner.info/"><b>MailScanner</b></a>, and is <br>believed to be clean. <br><br><o:p></o:p></span></p><pre>_______________________________________________<o:p></o:p></pre><pre>Xerte-dev mailing list<o:p></o:p></pre><pre><a href="mailto:Xerte-dev@lists.nottingham.ac.uk">Xerte-dev@lists.nottingham.ac.uk</a><o:p></o:p></pre><pre><a href="http://lists.nottingham.ac.uk/mailman/listinfo/xerte-dev">http://lists.nottingham.ac.uk/mailman/listinfo/xerte-dev</a><o:p></o:p></pre></blockquote><p class=MsoNormal><span style='font-size:12.0pt;font-family:"Times New Roman",serif;mso-fareast-language:EN-GB'><br><br>-- <br>This message has been scanned for viruses and <br>dangerous content by <a href="http://www.mailscanner.info/"><b>MailScanner</b></a>, and is <br>believed to be clean. <o:p></o:p></span></p><pre><o:p> </o:p></pre><pre>This message and any attachment are intended solely for the addressee<o:p></o:p></pre><pre>and may contain confidential information. If you have received this<o:p></o:p></pre><pre>message in error, please send it back to me, and immediately delete it. <o:p></o:p></pre><pre><o:p> </o:p></pre><pre>Please do not use, copy or disclose the information contained in this<o:p></o:p></pre><pre>message or in any attachment. Any views or opinions expressed by the<o:p></o:p></pre><pre>author of this email do not necessarily reflect the views of the<o:p></o:p></pre><pre>University of Nottingham.<o:p></o:p></pre><pre><o:p> </o:p></pre><pre>This message has been checked for viruses but the contents of an<o:p></o:p></pre><pre>attachment may still contain software viruses which could damage your<o:p></o:p></pre><pre>computer system, you are advised to perform your own checks. Email<o:p></o:p></pre><pre>communications with the University of Nottingham may be monitored as<o:p></o:p></pre><pre>permitted by UK legislation.<o:p></o:p></pre></div></blockquote><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><div><p class=MsoNormal><span style='font-size:12.0pt;font-family:"Times New Roman",serif;mso-fareast-language:EN-GB'>_______________________________________________<br>Xerte-dev mailing list<br><a href="mailto:Xerte-dev@lists.nottingham.ac.uk">Xerte-dev@lists.nottingham.ac.uk</a><br><a href="http://lists.nottingham.ac.uk/mailman/listinfo/xerte-dev">http://lists.nottingham.ac.uk/mailman/listinfo/xerte-dev</a><o:p></o:p></span></p></div></blockquote><pre><o:p> </o:p></pre><pre><o:p> </o:p></pre><pre><o:p> </o:p></pre><pre>This message and any attachment are intended solely for the addressee<o:p></o:p></pre><pre>and may contain confidential information. If you have received this<o:p></o:p></pre><pre>message in error, please send it back to me, and immediately delete it. <o:p></o:p></pre><pre><o:p> </o:p></pre><pre>Please do not use, copy or disclose the information contained in this<o:p></o:p></pre><pre>message or in any attachment. Any views or opinions expressed by the<o:p></o:p></pre><pre>author of this email do not necessarily reflect the views of the<o:p></o:p></pre><pre>University of Nottingham.<o:p></o:p></pre><pre><o:p> </o:p></pre><pre>This message has been checked for viruses but the contents of an<o:p></o:p></pre><pre>attachment may still contain software viruses which could damage your<o:p></o:p></pre><pre>computer system, you are advised to perform your own checks. Email<o:p></o:p></pre><pre>communications with the University of Nottingham may be monitored as<o:p></o:p></pre><pre>permitted by UK legislation.<o:p></o:p></pre></div></body></html>