Page MenuHomePhabricator
Create Task
Maniphest T34129

Google Chrome prevents me from seeing the hi.wikipedia.org page view info
Closed, ResolvedPublic
Actions

Description

Author: gmeijssen

Description:
when I use http or https Chrome prevents me from using the page view info

http://ultimategerardm.blogspot.com/2011/11/chrome-security-is-bit-too-much.html
Thanks,

Gerard

Version: unspecified
Severity: normal

Details

Reference
bz32129

Event Timeline

bzimport raised the priority of this task from to Needs Triage.Nov 22 2014, 12:06 AM
bzimport added a project: HTTPS.
bzimport set Reference to bz32129.
bzimport added a subscriber: Unknown Object (MLST).
bzimport created this task.Nov 1 2011, 8:53 PM
brion added a comment.Nov 1 2011, 9:10 PM

It seems to show the page info just fine -- you have a screen shot of it on your blog -- so I'm not sure what exactly the issue is.

The mixed-mode content warning is probably due to loading some CSS images or JS scripts offsite without using the correct protocol-independent URLs; other browsers similarly show either subtle or ugly hints about that complaint as well, depending on their configuration.

brion added a comment.Nov 1 2011, 9:15 PM

Created attachment 9342
Even more invasive complaint from Firefox when it's configured that way

Attached:

Screenshot_at_2011-11-01_14:14:29.png (375×1 px, 87 KB)

brion added a comment.Nov 1 2011, 9:17 PM

Created attachment 9343
Less invasive default behavior of IE 9

IE 9 by default disables any content loaded insecurely on an HTTPS page, and shows a nudgy complaint bar at the bottom of the page. Not bad, actually!

Attached:

Screenshot_at_2011-11-01_14:16:01.png (791×934 px, 224 KB)

brion added a comment.Nov 1 2011, 9:29 PM

This should be cleared up now, I've fixed the loading of a few scripts so they load over SSL now:

https://hi.wikipedia.org/w/index.php?title=%E0%A4%AE%E0%A5%80%E0%A4%A1%E0%A4%BF%E0%A4%AF%E0%A4%BE%E0%A4%B5%E0%A4%BF%E0%A4%95%E0%A4%BF:Common.js&curid=220433&diff=1553107&oldid=1445398

https://hi.wikipedia.org/w/index.php?title=%E0%A4%AE%E0%A5%80%E0%A4%A1%E0%A4%BF%E0%A4%AF%E0%A4%BE%E0%A4%B5%E0%A4%BF%E0%A4%95%E0%A4%BF:Vector.js&curid=216191&diff=1553126&oldid=1505135

Chrome and Firefox both show clear for me now on http://hi.wikipedia.org.

Nemo_bis added a comment.Nov 2 2011, 7:50 AM

(In reply to comment #4)

This should be cleared up now, I've fixed the loading of a few scripts so they
load over SSL now:

Wrong place to ask, but could this be done on all our wikis by some steward/sysadmin/global editinterface? Running a bot over all MediaWiki namespaces with some stupid replacements (such as https://meta.wikimedia.org/?oldid=3033504#Https_security_compromised_by_global_message ) should suffice in most cases and avoid a lot of head scratching especially on small wikis.

csteipp added a project: acl*security.Mar 26 2015, 8:39 PM
chasemp added a project: Security.Feb 10 2020, 10:53 PM
Restricted Application added a project: Traffic. · View Herald TranscriptFeb 10 2020, 10:53 PM
chasemp removed a project: acl*security.Feb 20 2020, 8:14 PM
Restricted Application added a project: SRE. · View Herald TranscriptFeb 20 2020, 8:14 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL