[jitsi-dev] Mixed content on download.jitsi.org


#1

Hi all,

First, congratulations on the new release!

I noticed on the download page that Firefox reports that "The connection
to the web site is not fully secure because it contains unencrypted
elements (such as images)":
https://download.jitsi.org/jitsi/

This seems to be exactly the case as the shortcut icon is hardcoded to
use "http://":

<!DOCTYPE HTML PUBLIC “-//W3C//DTD HTML 3.2 Final//EN”>
<html>
<meta name=‘robots’ content=‘index,follow’ />
<link rel=‘icon’
href=‘http://www.sip-communicator.org/wiki/pub/sip-communicator/sc_logo16x16.png
type=‘image/png’ />
<link rel=‘SHORTCUT ICON’
href=‘http://www.sip-communicator.org/wiki/pub/sip-communicator/sc_logo16x16.png’/>
</meta>

As it is now, one would have to block the images to be able to see that
the connection is secure before downloading Jitsi.

If you change the URLs to use "https://" or even just "//" the
connection should be reported as secure directly.

Cheers,
Markus


#2

Hi,

thanks for the report. We fixed the links, it should be fine now.

Thanks
damencho

···

On Sat, Feb 7, 2015 at 9:28 PM, Markus Kilås <subjunctive.post@gmail.com> wrote:

Hi all,

First, congratulations on the new release!

I noticed on the download page that Firefox reports that "The connection
to the web site is not fully secure because it contains unencrypted
elements (such as images)":
https://download.jitsi.org/jitsi/

This seems to be exactly the case as the shortcut icon is hardcoded to
use "http://":

<!DOCTYPE HTML PUBLIC “-//W3C//DTD HTML 3.2 Final//EN”>
<html>
<meta name=‘robots’ content=‘index,follow’ />
<link rel=‘icon’
href=‘http://www.sip-communicator.org/wiki/pub/sip-communicator/sc_logo16x16.png
type=‘image/png’ />
<link rel=‘SHORTCUT ICON’
href=‘http://www.sip-communicator.org/wiki/pub/sip-communicator/sc_logo16x16.png’/>
</meta>

As it is now, one would have to block the images to be able to see that
the connection is secure before downloading Jitsi.

If you change the URLs to use "https://" or even just "//" the
connection should be reported as secure directly.

Cheers,
Markus

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev