Page MenuHomePhabricator

blog rss feed links to HTTP (cleartext) blog posts even when feed fetched over HTTPS
Open, HighPublic

Description

blog rss feed links to HTTP (cleartext) blog posts even when feed fetched over HTTPS.

https://blog.wikimedia.org/feed/

Event Timeline

jeremyb created this task.Jul 3 2015, 6:56 PM
jeremyb raised the priority of this task from to Needs Triage.
jeremyb updated the task description. (Show Details)
jeremyb added a project: Wikimedia-Blog.
jeremyb added a subscriber: jeremyb.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJul 3 2015, 6:56 PM
Restricted Application added a subscriber: StudiesWorld. · View Herald TranscriptJan 29 2016, 2:00 PM
Krenair assigned this task to jrbs.Feb 26 2016, 3:29 AM
Krenair added subscribers: jrbs, Krenair.

Something needs to be done by Automattic, I guess @jrbs can either deal with them or knows who can.

I can file a ticket with Automattic, also in connection with T105905: Switch blog to HTTPS-only . But perhaps someone could come up with a more up to date and precise problem description first?

Right now it seems that only the permalinks (those ending in a "p=....") are in HTTP and the rest is in HTTPS. E.g.. <guid isPermaLink="false">http://blog.wikimedia.org/?p=45232</guid> vs,.<link>https://blog.wikimedia.org/2016/02/17/wikimedia-nsa-appeal-filed/</link>

jrbs removed jrbs as the assignee of this task.May 2 2016, 1:57 PM

This is not something I have the ability to fix. I would echo @Tbayer in that the actual issue here isn't currently clear.

It looks to me like the main problem was solved. We might be able to close this...

Looks fixed to me as well; resolving. :-)

EdErhart-WMF closed this task as Resolved.Aug 19 2016, 7:15 PM
jeremyb reopened this task as Open.EditedAug 19 2016, 7:41 PM

https://blog.wikimedia.org/feed/ links look maybe fixed but some other
things need fixing too. just search the feed for http://

bottom line is we shouldn't be sending feedreaders nor people actively
browsing to fetch HTTP resources.

  • enclosures/thumbs/images/etc. all seem to mostly be HTTP (for a variety of domains including the wordpress image host and also upload.wm.o)
  • <guid isPermaLink="false">http://blog.wikimedia.org/?p=48216</guid>, not sure how big a deal this is, fixing it might make existing subscribers get duplicate stories?
EdErhart-WMF triaged this task as High priority.Nov 14 2016, 10:13 PM
EdErhart-WMF removed a subscriber: asherman.