jantman / repostatus.org

A standard to easily communicate to humans and machines the development/support and usability status of software repositories/projects.
http://www.repostatus.org
Creative Commons Attribution Share Alike 4.0 International

repostatus.org is only partially encrypted when accessed over HTTPS #27

Closed DilumAluthge closed 6 years ago

DilumAluthge commented 6 years ago

When accessing https://www.repostatus.org, multiple pieces of content are still served over HTTP.

For example, jQuery is loaded from http://ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js. Additionally, all of the badge images are loaded from http://www.repostatus.org/badges/latest/[STATUS].svg.

As a result, accessing https://www.repostatus.org results in a mixed-content warning.

jantman commented 6 years ago

Thanks. I'll need to take some time to look into how to fix this on GitHub Pages, but I'm certainly open to pull requests in the meantime.

DilumAluthge commented 6 years ago

I think the best solution would be to enforce HTTPS (i.e. redirect from HTTP to HTTPS). The steps to enable that on GitHub Pages are found here: https://help.github.com/articles/securing-your-github-pages-site-with-https/#enforcing-https-for-your-github-pages-site

Once HTTPS is enforced, we can change all "http://" links to "https://" links. I have opened a PR (#28) that accomplishes this.

jantman commented 6 years ago

HTTPS enforced on the site, and PR merged and deployed. Thanks so much!

jantman commented 6 years ago

I had to revert that PR. I guess I didn't look over that PR closely enough... it broke all the SVGs because it changed their xmlns to HTTPS. I've reverted it for now; I can come back to this sometime this week, but only the repostatus.org URLs can change.

DilumAluthge commented 6 years ago

Ah crap. That’s what I get for using sed and not checking the results.

I’ll make another PR.

DilumAluthge commented 6 years ago

@jantman Alright, take a look at #30, which only changes the repostatus.org URLs, the semver.org URLs, and the Google JavaScript hosting URLs.

jantman commented 6 years ago

I've merged #30 and it looks good to me. If anyone has problems, please open an issue.

Thanks so much, @DilumAluthge
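
The host-scoped rewrite this thread settled on, as an added example that is not part of the original issue or of either PR: only the hosts named above are upgraded to `https://`, XML namespace identifiers such as an SVG's `xmlns` are never touched, and any leftover `http://` reference is reported for manual review. The function names and the sample markup (including the `active.svg` badge name and the `example.org` link) are constructed for illustration.

```python
import re

# Hosts the thread names as safe to upgrade; every other URL is left as-is.
UPGRADE_HOSTS = ("www.repostatus.org", "repostatus.org",
                 "semver.org", "ajax.googleapis.com")

# An xmlns attribute is an identifier, not a fetched URL: changing its scheme
# changes the namespace and the SVG stops rendering.
_XMLNS = r"""xmlns(?::[\w.-]+)?\s*=\s*(?P<q>["'])[^"']*(?P=q)"""
_HOSTS = "|".join(re.escape(h) for h in UPGRADE_HOSTS)
# The lookahead stops look-alikes such as semver.org.example.net from matching.
_REWRITE_RE = re.compile(
    "(?P<ns>" + _XMLNS + ")|http://(?P<host>" + _HOSTS + r")(?=[/?#\"'\s)>]|$)")
_XMLNS_RE = re.compile(_XMLNS)
_ANY_HTTP_RE = re.compile(r"http://[^\s\"'<>)]+")


def upgrade_links(text):
    """Rewrite http:// to https:// for allowlisted hosts, skipping xmlns."""
    def swap(match):
        if match.group("ns"):
            return match.group(0)  # namespace declaration: keep verbatim
        return "https://" + match.group("host")
    return _REWRITE_RE.sub(swap, text)


def remaining_http(text):
    """List http:// URLs still present, ignoring xmlns identifiers."""
    return _ANY_HTTP_RE.findall(_XMLNS_RE.sub("", text))


# Constructed sample input modelled on the resources named in the issue.
SAMPLE_HTML = (
    '<script src="http://ajax.googleapis.com/ajax/libs/jquery/2.1.3/'
    'jquery.min.js"></script>\n'
    '<img src="http://www.repostatus.org/badges/latest/active.svg">\n'
    '<a href="http://semver.org/">semver</a> '
    '<a href="http://example.org/x">other</a>\n')
SAMPLE_SVG = ('<svg xmlns="http://www.w3.org/2000/svg" '
              'xmlns:xlink="http://www.w3.org/1999/xlink" width="1"/>')

if __name__ == "__main__":
    print(upgrade_links(SAMPLE_HTML))
    print("still http:", remaining_http(upgrade_links(SAMPLE_HTML)))
    print("svg unchanged:", upgrade_links(SAMPLE_SVG) == SAMPLE_SVG)
```

Running `remaining_http` over the built site after the rewrite gives the list of references that would still trigger a mixed-content warning.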