[Xerte] Re: Query about Xerte https access
Julian.Tenney at nottingham.ac.uk
Wed Jul 24 16:39:06 BST 2013
I've forwarded this to the dev list for rumination. Thanks. Sounds like something we need to sort out,
From: xerte-bounces at lists.nottingham.ac.uk [mailto:xerte-bounces at lists.nottingham.ac.uk] On Behalf Of Jamie Wood
Sent: 24 July 2013 16:36
To: xerte at lists.nottingham.ac.uk
Cc: Joss Winn
Subject: [Xerte] Query about Xerte https access
We're running a Xerte project here at Lincoln and have come across a problem with Chrome (and other browsers) running Xerte over https. I've copied over a query from our Centre for Educational Research and Development below about this technical issue. Can anyone help with this and the questions in the paragraphs within the dotted lines below?
The issue seems to be that Chrome has a problem with running Xerte securely over https. It says that although https is turned on on our server, some of the files are non-securely 'leaking' over http. It seems to be especially strict about this, compared to other browsers. If I turn off https altogether and, this is key, remove all cookies and browsing history from Chrome, then it performs perfectly OK over http.
The problem we have is that to use university logins, we need to run it over https, and if the tool is going to be used by 100+ people, this is by far the preferred method of login.
Jamie, please could you write to the mailing list, copying me in, reporting this problem and asking for advice? How are other institutions running it successfully over https? Why is Xerte serving certain files over http, when https is being requested? This seems like a bug and a security issue with Xerte to me.
Dr Jamie Wood
Lecturer in History,
School of Humanities,
University of Lincoln,
Lincoln LN6 7TS
Email: jwood at lincoln.ac.uk<mailto:jwood at lincoln.ac.uk>
Tel.: +44(0)1522 837389
Xerte mailing list
Xerte at lists.nottingham.ac.uk
Xerte-dev mailing list
Xerte-dev at lists.nottingham.ac.uk
More information about the Xerte