datasets / publicbodies

A database of public bodies such as government departments, ministries etc.
http://publicbodies.org
MIT License

SSL sign up issues #107

Closed loleg closed 2 years ago

loleg commented 3 years ago

While an SSL certificate is present on the site (thanks Augusto in #102 for checking), HTTP is not redirected to HTTPS as it should be. Furthermore, the site is shown as not completely secure because the absolute link to the newsletter sign-up is to an HTTP resource. We should probably just point this to the GitHub issues and appropriate Discourse forum.

The specific error in the dev console is:

Mixed Content: The page at 'https://publicbodies.org/' was loaded over a secure connection, but contains a form that targets an insecure endpoint 'http://lists.okfn.org/mailman/subscribe/okfn-labs'. This endpoint should be made available over a secure connection.

augusto-herrmann commented 3 years ago

I have replaced the HTTP link on that old form in PR #108.

For the HTTP -> HTTPS redirection to work, however, it would be necessary to change the application code. But this is ancient node.js, and before changing it, it would be advisable to upgrade it to a more recent node.js version. That also means updating / getting rid of all those deprecated and obsolete dependencies:

npm WARN deprecated less-middleware@0.1.15: Updated API and improved functionality.
npm WARN deprecated mkdirp@0.3.5: Legacy versions of mkdirp are no longer supported. Please update to mkdirp 1.x. (Note that the API surface has changed to use Promises in 1.x.)
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated har-validator@5.1.5: this library is no longer supported

> leveldown@6.0.0 install /home/node/portal/node_modules/leveldown
> node-gyp-build

npm notice created a lockfile as package-lock.json. You should commit this file.
npm WARN publicbodies@0.1.0 license should be a valid SPDX license expression

added 159 packages from 149 contributors and audited 160 packages in 11.598s

13 packages are looking for funding
  run `npm fund` for details

found 29 vulnerabilities (10 low, 11 moderate, 7 high, 1 critical)
  run `npm audit fix` to fix them, or `npm audit` for details

I tried to do it, but then got an error:

internal/modules/cjs/loader.js:818
  throw err;
  ^

Error: Cannot find module '/home/node/portal/express'
    at Function.Module._resolveFilename (internal/modules/cjs/loader.js:815:15)
    at Function.Module._load (internal/modules/cjs/loader.js:667:27)
    at Function.executeUserEntryPoint [as runMain] (internal/modules/run_main.js:60:12)
    at internal/main/run_main_module.js:17:47 {
  code: 'MODULE_NOT_FOUND',
  requireStack: []
}

which is strange, as the express package is installed.

I suspect that modernizing JavaScript and node.js on this application would require rewriting a good chunk of it and would also be beyond my current ability in this area.

augusto-herrmann commented 3 years ago

I created issue #110 and drafted PR #111 to try to solve this. Once we can get the site running on modern code, I think adding the HTTP -> HTTPS redirect should be easy.
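
One way the HTTP -> HTTPS redirect discussed in this thread could look once the application runs on a current Node.js, written as Connect/Express-style middleware. This is an added example, not code from the publicbodies repository or from any commenter; the canonical host constant, the HSTS value, the `trustProxy` option and the `simulate` helper are assumptions for illustration.

```javascript
// Added example: Connect/Express-style middleware using only Node built-ins.
// CANONICAL_HOST, the HSTS value and the proxy setup are assumptions.
const CANONICAL_HOST = 'publicbodies.org';
const HSTS = 'max-age=31536000';

function isSecure(req, trustProxy) {
  // TLS terminated by Node itself.
  if (req.socket && req.socket.encrypted) return true;
  // Behind a TLS-terminating proxy: trust the header only when configured to,
  // otherwise any client could send it and skip the redirect.
  if (!trustProxy) return false;
  const proto = String(req.headers['x-forwarded-proto'] || '');
  return proto.split(',')[0].trim().toLowerCase() === 'https';
}

function httpsRedirect({ trustProxy = false } = {}) {
  return function (req, res, next) {
    if (isSecure(req, trustProxy)) {
      // Browsers honour HSTS only when it arrives over HTTPS.
      res.setHeader('Strict-Transport-Security', HSTS);
      return next();
    }
    // Location uses the fixed host, never the request's Host header,
    // so a forged Host cannot turn the redirect into an open redirect.
    const path = req.url && req.url.startsWith('/') ? req.url : '/';
    // 301 for safe methods; 308 keeps the method and body for the rest.
    res.statusCode = req.method === 'GET' || req.method === 'HEAD' ? 301 : 308;
    res.setHeader('Location', 'https://' + CANONICAL_HOST + path);
    res.end();
  };
}

// Constructed request/response stand-ins to exercise the middleware offline.
function simulate(mw, { method = 'GET', url = '/', headers = {}, encrypted = false }) {
  const out = { status: 200, headers: {}, passed: false };
  const res = {
    set statusCode(code) { out.status = code; },
    setHeader(name, value) { out.headers[name.toLowerCase()] = value; },
    end() {},
  };
  mw({ method, url, headers, socket: { encrypted } }, res, () => { out.passed = true; });
  return out;
}
```

In an Express app this would be registered before any other route or static handler, with `trustProxy` enabled only when a TLS-terminating proxy in front of the app sets `X-Forwarded-Proto` itself.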