Page MenuHomePhabricator
Create Task
Maniphest T141480

mixed-content issues on planet.wikimedia.org
Open, LowestPublic
Actions

Description

< bblack> mutante: is there a task already about planet.wm.o mixed-content? we're securing the site itself, but basically all of the links inside it are plain-HTTP :/
< bblack> we could maybe paper it over by setting upgrade-insecure-requests for now, and then get the html fixed a little after

< bblack> since we seem to be transcluding content in from external blogs, and inlining the images they inline, I imagine we have no control in the general case
< bblack> but upgrade-insecure-requests can paper over a lot of that
< mutante> yes, it gets all the feeds and then creates a new feed by merging them

< mutante> ok, looking to fix the easy ones
< mutante> it's using the feed URL it fetches from to link to the source in the sidebar. i'm gonna check which of them i can just convert to https in our conf where we get the content from them

< mutante> reads https://www.w3.org/TR/upgrade-insecure-requests/ and it fits perfectly "real headache for administrators tasked with moving substantial amounts of legacy content onto HTTPS. In particular, going through old content and rewriting resource URLs manually is a huge undertaking" and so on

< bblack> the downside is if any embedded resources (e.g. inline images) are hosted somewhere that doesn't support HTTPS at all, they'll just fail
< bblack> or maybe that's an upside, depending on your POV :)

< mutante> in this case of planet fail would be ok, then we would remove them and ask them to fix it
< mutante> or if it's just an image that fails.. it would make it obvious

Details

SubjectRepoBranchLines +/-
planet: more maintenance, http->https, rm broken urls etcoperations/puppetproduction+16 -36
planet: switch some feed links to httpsoperations/puppetproduction+4 -4
planet: switch all links to other langs to httpsoperations/puppetproduction+17 -17
planet: switch many feed URLs to httpsoperations/puppetproduction+118 -185
planet.wm.o: use CSP:upgrade-insecure-requests to avoid mixed contentoperations/puppetproduction+3 -0
Customize query in gerrit

Related Objects

Event Timeline

Dzahn created this task.Jul 27 2016, 9:00 PM
Restricted Application added a project: SRE. · View Herald TranscriptJul 27 2016, 9:00 PM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
Dzahn updated the task description. (Show Details)Jul 27 2016, 9:02 PM
gerritbot subscribed.Jul 27 2016, 9:03 PM

Change 301467 had a related patch set uploaded (by BBlack):
planet.wm.o: use CSP:upgrade-insecure-requests to avoid mixed content

https://gerrit.wikimedia.org/r/301467

Dzahn mentioned this in rOPUP1c863b5e0635: planet.wm.o: use CSP:upgrade-insecure-requests to avoid mixed content.Jul 27 2016, 9:05 PM
gerritbot added a comment.Jul 27 2016, 9:29 PM

Change 301467 merged by BBlack:
planet.wm.o: use CSP:upgrade-insecure-requests to avoid mixed content

https://gerrit.wikimedia.org/r/301467

BBlack mentioned this in rOPUP0a5354e3fb4b: planet.wm.o: use CSP:upgrade-insecure-requests to avoid mixed content.Jul 27 2016, 9:32 PM
gerritbot added a comment.Jul 28 2016, 12:30 AM

Change 301528 had a related patch set uploaded (by Dzahn):
planet: switch many feed URLs to https

https://gerrit.wikimedia.org/r/301528

Dzahn mentioned this in rOPUP19d3fe596da3: planet: switch many feed URLs to https.Jul 28 2016, 12:36 AM
Dzahn mentioned this in rOPUP82d642357856: planet: switch many feed URLs to https.Jul 28 2016, 12:41 AM
gerritbot added a comment.Jul 28 2016, 12:43 AM

Change 301528 merged by Dzahn:
planet: switch many feed URLs to https

https://gerrit.wikimedia.org/r/301528

Dzahn mentioned this in rOPUP56a90f277121: planet: switch many feed URLs to https.Jul 28 2016, 12:46 AM
ema triaged this task as Medium priority.Aug 1 2016, 2:58 PM
Paladox subscribed.Aug 5 2016, 11:35 PM
gerritbot added a comment.Aug 5 2016, 11:36 PM

Change 303323 had a related patch set uploaded (by Dzahn):
planet: switch all links to other langs to https

https://gerrit.wikimedia.org/r/303323

Dzahn mentioned this in rOPUPef37c5dd9dc5: planet: switch all links to other langs to https.Aug 5 2016, 11:42 PM
gerritbot added a comment.Aug 5 2016, 11:49 PM

Change 303323 merged by Dzahn:
planet: switch all links to other langs to https

https://gerrit.wikimedia.org/r/303323

Dzahn mentioned this in rOPUP3c3086e2b828: planet: switch all links to other langs to https.Aug 5 2016, 11:54 PM
gerritbot added a comment.Aug 6 2016, 1:02 AM

Change 303321 had a related patch set uploaded (by Paladox):
planet: switch some feed links to https

https://gerrit.wikimedia.org/r/303321

gerritbot added a comment.Aug 6 2016, 1:04 AM

Change 303321 merged by Dzahn:
planet: switch some feed links to https

https://gerrit.wikimedia.org/r/303321

Dzahn mentioned this in rOPUP69946e5c0c6f: planet: switch some feed links to https.Aug 6 2016, 1:08 AM
gerritbot added a comment.Aug 11 2016, 2:02 AM

Change 304159 had a related patch set uploaded (by Dzahn):
planet: more maintenance, http->https, rm broken urls etc

https://gerrit.wikimedia.org/r/304159

gerritbot added a project: Patch-For-Review.Aug 11 2016, 2:02 AM
Dzahn mentioned this in rOPUP842406d3d5cb: planet: more maintenance, http->https, rm broken urls etc.Aug 11 2016, 2:07 AM
gerritbot added a comment.Aug 11 2016, 5:33 AM

Change 304159 merged by Dzahn:
planet: more maintenance, http->https, rm broken urls etc

https://gerrit.wikimedia.org/r/304159

Dzahn mentioned this in rOPUP52d6cf4b386b: planet: more maintenance, http->https, rm broken urls etc.Aug 11 2016, 5:33 AM
Dzahn mentioned this in rOPUP8fdcb876f0ae: planet: more maintenance, http->https, rm broken urls etc.Aug 11 2016, 5:39 AM
BBlack moved this task from Backlog to Domain name registration on the Traffic board.Oct 4 2016, 12:44 PM
fgiunchedi subscribed.Jul 19 2017, 12:37 PM

I tried loading en.planet.wikimedia.org and got no mixed content alerts today, there were some osm linked that failed to load due to invalid CA but that's not in our control anyway, anything else to do @Dzahn ?

Dzahn added a comment.Jul 19 2017, 3:37 PM

Yes, not all planet feeds use https yet.

Phabricator_maintenance moved this task from Backlog to Acknowledged on the SRE board.Jan 26 2019, 8:46 PM
BBlack edited projects, added Traffic-Icebox; removed Traffic.Sep 1 2021, 11:21 PM
BBlack subscribed.

The swap of Traffic for Traffic-Icebox in this ticket's set of tags was based on a bulk action for all such tickets that haven't been updated in 6 months or more. This does not imply any human judgement about the validity or importance of the task, and is simply the first step in a larger task cleanup effort. Further manual triage and/or requests for updates will happen this month for all such tickets. For more detail, have a look at the extended explanation on the main page of Traffic-Icebox . Thank you!

Dzahn added a project: collaboration-services.Dec 1 2022, 12:44 AM
LSobanski lowered the priority of this task from Medium to Lowest.Dec 5 2022, 4:49 PM
LSobanski moved this task from Incoming to Backlog on the collaboration-services board.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL