astropy / astropy.github.com

The Astropy web pages
http://www.astropy.org
BSD 3-Clause "New" or "Revised" License
43 stars 99 forks source link

https://www.astropy.org/affiliated/ does not work correctly #74

Closed olebole closed 9 years ago

olebole commented 9 years ago

Hi,

the SSL-enabled web page https://www.astropy.org/affiliated/ does not show the package registry. The table stays in the state "Loading...".

embray commented 9 years ago

It's working for me, but only if I go to http, not https. The latter gives me certificate errors (ssl_error_bad_cert_domain) which seems to be related to the site being hosted on GitHub and using one of GH's certificates.

eteq commented 9 years ago

I'm seeing the same as @embray. @olebole, did you see a link to the https version somewhere? I didn't even realize that existed (as @embray said, it's all hosted behind the scenes by github).

olebole commented 9 years ago

All on Firefox (Ubuntu) and Iceweasel (Debian):

With http, all is OK. When I load it with https, I first also get a certificate warning. When I then allow the page to display, the table stays as hown in the image: affiliated-https

The error console then shows (sorry for German; should be understandable however):

10:01:06.632 Laden von gemischten aktiven Inhalten "http://fonts.googleapis.com/css?family=Open+Sans:400italic,400,700" wurde blockiert.1 affiliated
10:01:06.636 Laden von gemischten aktiven Inhalten "http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js" wurde blockiert.1 affiliated

Both with a link to this webpage. So, it may depend on the web browser settings (I didn't touch them however), but it seems that the https page should load everything via https.

Would it be a problem to switch all links to https?

embray commented 9 years ago

Ah, it looks like it's defaulting to blocking non-secure external resources when accessing the site via HTTPS.

embray commented 9 years ago

I believe full HTTPS support on GitHub pages hosted sites is still an open issue. See isaacs/github#156.

So I think the only practical solution would be to switch to a different hosting provider. However, there's also nothing on astropy.org that I think necessitates HTTPS. I'm not really a strong believer in HTTPS-all-the-things when it comes to sites that users don't send any data to.

olebole commented 9 years ago

I'd agree in this. However, there are people who just use https (and don't change the default in their browser), and they will run into this error.

embray commented 9 years ago

Too bad for them I guess? I would tend to think people making such settings are going to be aware of the potential drawbacks, and look to it when something doesn't work. For example I have my browser set to reject all cookies by default, so I'm generally aware that when something on a site isn't working I probably have to look at what cookies it's trying to set, and that I'm an extreme case.

olebole commented 9 years ago

Maybe switch off https completely until it works? If parts are non-secure, it is useless anyway.

embray commented 9 years ago

That's not something we have any control over.

mdboom commented 9 years ago

Using // rather than http:// at the front of the URLs that fail to load should be enough to fix this (since the Google CDNs support https).

mdboom commented 9 years ago

(I'd like to assign myself here, since I'm working on it, but I'm not part of this org, I guess? @eteq)

eteq commented 9 years ago

@mdboom - added you to the org and assigned you

eteq commented 9 years ago

Also :+1: to the @mdboom's suggestion if it turns out that makes it work.

Another thing I just noted: https://astropy.github.io/affiliated does appear to work... Presumably that means the problem is more in the forwarding of the astropy.org domain then?