|Resolved||None||T104728 make blog links from wmfwiki front page use HTTPS links|
|Open||None||T104726 blog rss feed links to HTTP (cleartext) blog posts even when feed fetched over HTTPS|
I can file a ticket with Automattic, also in connection with T105905: Switch blog to HTTPS-only . But perhaps someone could come up with a more up to date and precise problem description first?
Right now it seems that only the permalinks (those ending in a "p=....") are in HTTP and the rest is in HTTPS. E.g.. <guid isPermaLink="false">http://blog.wikimedia.org/?p=45232</guid> vs,.<link>https://blog.wikimedia.org/2016/02/17/wikimedia-nsa-appeal-filed/</link>
https://blog.wikimedia.org/feed/ links look maybe fixed but some other
things need fixing too. just search the feed for http://
bottom line is we shouldn't be sending feedreaders nor people actively
browsing to fetch HTTP resources.
- enclosures/thumbs/images/etc. all seem to mostly be HTTP (for a variety of domains including the wordpress image host and also upload.wm.o)
- btw, evan amos has 118 enclosures for the same content??
- and https://blog.wikimedia.org/2016/08/16/wikipedia-portal-update/ also has quite a few duplicate enclosures. why would one be ogg and the other is webm? ogg gets an inaccurate type="audio/ogg" in the feed.
- <guid isPermaLink="false">http://blog.wikimedia.org/?p=48216</guid>, not sure how big a deal this is, fixing it might make existing subscribers get duplicate stories?