Conversation
Notices
-
-
@moonman @nerthos I can see him on my gorf.club account and on my instance now, but he still isn't appearing here for w/e reason.
-
-
-
@normandy http://orig04.deviantart.net/f181/f/2013/143/3/7/profile_picture_by_itsamystery_plz-d66aysf.png
Monday, 30-May-16 01:27:08 UTC from web-
-
@normandy On the plus side as a ghost I can spook things.
Monday, 30-May-16 01:38:58 UTC from web
-
-
-
-
@moonman I can always tell when RDN disappears bc my little green TLS lock in FF doesn't turn a sad gray =p @nerthos @normandy
-
@fl0wn @normandy @nerthos I want to enforce full TLS on my server using a Content Security Policy header, but I can't because of non-TLS servers. And apparently there's no good fix for servers that predate strict TLS usage.
-
@moonman yeah, that came up earlier when chatting w/ @ceruleanspark . There doesn’t seem to be a simple solution currently that won't totally bork federation @nerthos @normandy
-
@fl0wn @normandy @nerthos @ceruleanspark On the frontend it's the resources that kill it, right? So like, images and stuff. The federation hoo-ha happens on the backend. I realize this is work, but I think that images/etc can be configured to be served from a different domain (like normally a CDN) but instead just have the subdomain serve from the same server but with a redirect from http to https and an HSTS header that requests the browser to always use HTTPS.
To be clear, I am NOT making any demands on anybody to do anything, but maybe something like this would be a solution-
@nerthos @fl0wn @ceruleanspark @normandy I just realized I was only thinking about remote servers not RDN itself, haha :-(
-
@moonman RDN has a subdomain for attachments.
Monday, 30-May-16 02:04:56 UTC from web-
-
Monday, 30-May-16 02:08:36 UTC from web-
@nerthos Yeah it's only the profile avatar stuff that's blowing it up since it's pulled from the profile image and loaded dynamically. I am tempted to make a special patch for my Qvitter to just automatically rewrite RDN image/attachment URLs to be https, haha.
-
Monday, 30-May-16 02:15:21 UTC from web
-
@nerthos @zemichi I popped over to RDN to look at one profile and basically almost none of the profile pics for the "following" were loaded, they were all broken :-(
-
@moonman This problem weirds me out as it's really recent. http://rainbowdash.net/attachment/845544
Monday, 30-May-16 02:18:36 UTC from web-
-
-
-
Monday, 30-May-16 02:22:51 UTC from web
-
-
@moonman It could be that. It could be that the latest version of GNUsocial broke it, not RDN, and RDN looks like the culprit just because it's the only one on the older software.
Monday, 30-May-16 02:22:26 UTC from web
-
-
-
-
-
-
-
-
-
@moonman @nerthos @fl0wn @ceruleanspark There is a script one can run on their instance to change HTTP feed urls to HTTPS. But it has to be done on each of the remote servers.
-
-
-
-
-
-
