Page MenuHomePhabricator
Create Task
Maniphest T51698

When uploading from Flickr, unencrypted XHRs are sent from client to Flickr despite being on https://
Closed, ResolvedPublic
Actions

Description

Original bug title:
When uploading from Flickr, unencrypted XHRs are sent from client to Flickr despite being on https://

(specifically to http://api.flickr.com/services/rest/?)

I think this will be a real issue after Firefox prompts by default when attempt to connect to http while being on https.

I read about the issues with the proxy which can't fetch the images from HTTPS (Bug 42468). If required, you'll have to set up just another proxy forwarding the API requests from the client to flickr's http API:
client <<-- encrypted traffic -->> proxy <<-- unencrypted traffic -->> flickr API

The proposed procedure would also enable you to hide the API - key.

Version: unspecified
Severity: normal
URL: https://upload.wikimedia.org/wikipedia/commons/2/27/Bypass_https_security_warning_Firefox_23.png

Details

Reference
bz49698

Related Objects
Search...

Event Timeline

bzimport raised the priority of this task from to Medium.Nov 22 2014, 1:58 AM
bzimport added a project: UploadWizard.
bzimport set Reference to bz49698.
bzimport added a subscriber: Unknown Object (MLST).
Rillke created this task.Jun 17 2013, 3:43 PM
Steinsplitter added a comment.Aug 29 2013, 8:17 AM
  • Bug 53522 has been marked as a duplicate of this bug. ***
Rillke added a comment.Aug 30 2013, 5:41 AM

https://gerrit.wikimedia.org/r/81890/

Krenair added a comment.Aug 30 2013, 1:56 PM

https://gerrit.wikimedia.org/r/81891/ fixed this

Gilles raised the priority of this task from Medium to Unbreak Now!.Dec 4 2014, 10:23 AM
Gilles added a project: Multimedia.
Gilles moved this task from Untriaged to Done on the Multimedia board.
Gilles lowered the priority of this task from Unbreak Now! to Medium.Dec 4 2014, 11:21 AM
Phabricator_maintenance added a project: HTTPS.Aug 5 2016, 11:40 AM
Phabricator_maintenance removed a subscriber: wikibugs-l-list.
Restricted Application added a project: Traffic. · View Herald TranscriptAug 5 2016, 11:40 AM
Restricted Application added a subscriber: Matanya. · View Herald Transcript
Phabricator_maintenance removed a parent task: T29946: [DO NOT USE] SSL related (tracking) [superseded by #HTTPS].Aug 5 2016, 11:41 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits