[Xerte-dev] Re: Future Chrome release and how it will treat non SSL sites
Ron Mitchell
ronm at mitchellmedia.co.uk
Wed Jan 18 11:14:28 GMT 2017
No nothing essential to do with the current codebase unless I’m missing something. Although Tom and I have previously discussed the need for changes re https etc for different reasons. More important at the moment to plan and develop some in advance guidance that this is the way it’s going and what to do short term and longer term in preparation for this e.g. changing configuration and ensuring existing links and embeds still work and login works etc.
For instance at the moment if you view your page types example via https rather than http you’ll probably find it still works fine. However if you login via https it will login but not display the workspace correctly. That’s easy to fix if you know how but in some cases at least the user community will need guidance.
Perhaps a topic for our planned developer days.
From: xerte-dev-bounces at lists.nottingham.ac.uk [mailto:xerte-dev-bounces at lists.nottingham.ac.uk] On Behalf Of Julian Tenney
Sent: 18 January 2017 08:55
To: For Xerte technical developers <xerte-dev at lists.nottingham.ac.uk>; robb at interlin.nl
Subject: [Xerte-dev] Re: Future Chrome release and how it will treat non SSL sites
Do we need to make changes and a release to make https the default for new installs?
I don’t fully understand it, so sorry if that’s the wrong question.
From: xerte-dev-bounces at lists.nottingham.ac.uk <mailto:xerte-dev-bounces at lists.nottingham.ac.uk> [mailto:xerte-dev-bounces at lists.nottingham.ac.uk] On Behalf Of Ron Mitchell
Sent: 17 January 2017 20:56
To: robb at interlin.nl <mailto:robb at interlin.nl> ; For Xerte technical developers <xerte-dev at lists.nottingham.ac.uk <mailto:xerte-dev at lists.nottingham.ac.uk> >
Subject: [Xerte-dev] Re: Future Chrome release and how it will treat non SSL sites
XOT already works if the server and installation is set to use https whether that be paid for certs or letsencrypt. But to date it's been up to whoever looks after the installation and there are disadvantages with using https too e.g embedding external non https content. My reason for mentioning this is that we probably need to put together some advice and guidance while it's still optional rather than essential, including how people switch their installations without breaking existing links and embeds etc.
Cheers
Ron
On 17 Jan 2017, at 20:37, robb <robb at interlin.nl <mailto:robb at interlin.nl> > wrote:
I think XoT should be accessed through SSL only. A good option would be to support letsencrypt <https://letsencrypt.org/> by default.
regards,
Rob
Op 17-01-17 om 18:23 schreef Ron Mitchell:
Hi all
Just reading this https://www.wordfence.com/blog/2017/01/chrome-56-ssl-https-wordpress/ and suspect we should put a similar advisory together re Xerte installations and SSL etc.
What do you think?
Ron
This message and any attachment are intended solely for the addressee
and may contain confidential information. If you have received this
message in error, please send it back to me, and immediately delete it.
Please do not use, copy or disclose the information contained in this
message or in any attachment. Any views or opinions expressed by the
author of this email do not necessarily reflect the views of the
University of Nottingham.
This message has been checked for viruses but the contents of an
attachment may still contain software viruses which could damage your
computer system, you are advised to perform your own checks. Email
communications with the University of Nottingham may be monitored as
permitted by UK legislation.
--
This message has been scanned for viruses and
dangerous content by <http://www.mailscanner.info/> MailScanner, and is
believed to be clean.
_______________________________________________
Xerte-dev mailing list
Xerte-dev at lists.nottingham.ac.uk <mailto:Xerte-dev at lists.nottingham.ac.uk>
http://lists.nottingham.ac.uk/mailman/listinfo/xerte-dev
--
This message has been scanned for viruses and
dangerous content by <http://www.mailscanner.info/> MailScanner, and is
believed to be clean.
This message and any attachment are intended solely for the addressee
and may contain confidential information. If you have received this
message in error, please send it back to me, and immediately delete it.
Please do not use, copy or disclose the information contained in this
message or in any attachment. Any views or opinions expressed by the
author of this email do not necessarily reflect the views of the
University of Nottingham.
This message has been checked for viruses but the contents of an
attachment may still contain software viruses which could damage your
computer system, you are advised to perform your own checks. Email
communications with the University of Nottingham may be monitored as
permitted by UK legislation.
_______________________________________________
Xerte-dev mailing list
Xerte-dev at lists.nottingham.ac.uk <mailto:Xerte-dev at lists.nottingham.ac.uk>
http://lists.nottingham.ac.uk/mailman/listinfo/xerte-dev
This message and any attachment are intended solely for the addressee
and may contain confidential information. If you have received this
message in error, please send it back to me, and immediately delete it.
Please do not use, copy or disclose the information contained in this
message or in any attachment. Any views or opinions expressed by the
author of this email do not necessarily reflect the views of the
University of Nottingham.
This message has been checked for viruses but the contents of an
attachment may still contain software viruses which could damage your
computer system, you are advised to perform your own checks. Email
communications with the University of Nottingham may be monitored as
permitted by UK legislation.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nottingham.ac.uk/pipermail/xerte-dev/attachments/20170118/3abf226d/attachment-0001.html>
More information about the Xerte-dev
mailing list