• All submissions to this site are governed by Second Life Project Contribution Agreement. By submitting patches and other information using this site, you acknowledge that you have read, understood, and agreed to those terms.
Issue Details (XML | Word | Printable)

Key: WEB-989
Type: Bug Bug
Status: Open Open
Priority: Major Major
Assignee: WorkingOnIt Linden
Reporter: Gordon Wendt
Votes: 3
Watchers: 2
Operations

If you were logged in you would be able to see more operations.
3. Second Life Website - WEB

Blog illogically requires secure connection to view rather than just to login and comment

Created: 26/Feb/09 07:08 PM   Updated: 10/Apr/09 01:43 AM
Return to search
Component/s: blog.secondlife.com
Affects Version/s: Not Versioned
Fix Version/s: None

Environment: All

Last Triaged: 17/Mar/09 09:36 AM
Linden Lab Issue ID: DEV-29056


 Description  « Hide
blogs.secondlife.com and it's various other redirects into it (including (blog.secondlife....) seem to now illogically try to force https when viewing which is unecessary and for those of us who can't always use port 443 (https) but can always reach port 80 (http) it makes the blog unuseable during that time.

Sorry for using yelling caps here but this should get the message across THERE IS NO REASON TO USE HTTPS TO READ A PUBLIC BLOG. For logging in, that should definitely be https, for after logging in for comment forms, if your making public comments anyway it's a bit paranoid but that's still somewhat logical but it's idiotic to have https just to read a public blog.

Reasoning for why it's a bug and why it's critical
--------------------------------------------------------------------
Bug - it falls into one of those weird bugs that aren't software bugs bug are logic bugs loopholes. It is definitely illogical and a bug.

Critical - The only reason it isn't showstopper is because I try to at least minimize my hypocrisy, this really should be showstopper since it is almost on par with stopping access to SL since it's the primary vehicle for policy announcements but it would be incredible hypocritical for me to mark it as such. If someone else wants to change it feel free though.

 All   Comments   Change History      Sort Order: Ascending order - Click to sort in descending order
[ Permlink | « Hide ]
Gordon Wendt added a comment - 27/Feb/09 02:01 PM
to clarify, this isn't just the redirects forcing it, it forces it even if you try http://blogs.secondlife.com so there is no way to do a standard http connection.

[ Permlink | « Hide ]
Argent Stonecutter added a comment - 18/Mar/09 07:25 AM
Priority low?

The blog is unusable. This should either be resolved "will not finish" and the problems Gordon believes are due to this bug fixed post-haste, or if this bug is actually the cause of those problems it should be left as critical.


[ Permlink | « Hide ]
Yoz Linden added a comment - 10/Apr/09 01:25 AM
Re-prioritised and assigned. We have a couple of different possible solutions in the pipeline here, with the preferable one (that is, the one that we think will be preferable for both residents and Linden Lab) being actively worked on.

[ Permlink | « Hide ]
Gordon Wendt added a comment - 10/Apr/09 01:43 AM
Thanks for the update Yoz. I understand that this might not be LL's top priority at the moment but it has to be possible to if nothing else differentiate the login field as https with the rest of the page being http... I realize that's not entirely ideal though since browsers with good reason raise warnings with mixed security content due to the mass of i-frame exploits out in the wild, I figure LL's web techs can find a good solution though to deal with it.


Powered by Atlassian JIRA the Professional Issue Tracker. (Enterprise Edition, Version: 3.13.2-#335) - Bug/feature request - Atlassian news - Contact Administrators