[twitter-dev] Re: no SSL on http://twitter.com/login?
Yup - I'm only bringing it up since you can get to that funnel through saying that you want to login via mobile and then decide to simply login normally. While not huge, it is a bit of a hole.

On Aug 19, 7:51 am, Damon Clinkscales <sca...@pobox.com> wrote:

On Wed, Aug 19, 2009 at 9:07 AM, divesnob <mdarl...@gmail.com> wrote:

For some reason my reply yesterday didn't make it? I do realize that you can just change http to https. The problem here is that twitter is sending people to http://twitter.com/login. Here's a screencast describing what I mean.

http://www.screenjelly.com/watch/vSrv36yxa4g

-matt

On Aug 17, 7:02 pm, Abraham Williams <4bra...@gmail.com> wrote:

https://twitter.com/login

On Mon, Aug 17, 2009 at 18:58, divesnob <mdarl...@gmail.com> wrote:

Curious why you're not POSTing over SSL for /login?

<form class="signin" method="post" action="/sessions">
<div style="margin: 0pt; padding: 0pt;"></div>
<input id="authenticity_token" type="hidden" value="7a401566e00cff4abe1cba6ed4c70bf52d37" name="authenticity_token"/>
<fieldset class="common-form standard-form"></fieldset>
</form>

On Wed, Aug 19, 2009 at 9:47 AM, Damon Clinkscales <sca...@pobox.com> wrote:

If you look at the form carefully, you'll see this:

<form method="post" id="signin" action="https://twitter.com/sessions">

^^^ from http://twitter.com/ ^^^

Although, here: http://twitter.com/login it's just /sessions, without the forced https. Yeah, that does seem like an oversight.

-damon

[twitter-dev] Re: no SSL on http://twitter.com/login?
For some reason my reply yesterday didn't make it? I do realize that you can just change http to https. The problem here is that twitter is sending people to http://twitter.com/login. Here's a screencast describing what I mean.

http://www.screenjelly.com/watch/vSrv36yxa4g

-matt

On Aug 17, 7:02 pm, Abraham Williams <4bra...@gmail.com> wrote:

https://twitter.com/login

On Mon, Aug 17, 2009 at 18:58, divesnob <mdarl...@gmail.com> wrote:

Curious why you're not POSTing over SSL for /login?

<form class="signin" method="post" action="/sessions">
<div style="margin: 0pt; padding: 0pt;"></div>
<input id="authenticity_token" type="hidden" value="7a401566e00cff4abe1cba6ed4c70bf52d37" name="authenticity_token"/>
<fieldset class="common-form standard-form"></fieldset>
</form>

--
Abraham Williams | Community Evangelist | http://web608.org
Hacker | http://abrah.am | http://twitter.com/abraham
Project | http://fireeagle.labs.poseurtech.com
This email is: [ ] blogable [x] ask first [ ] private.
Sent from Madison, Wisconsin, United States

[twitter-dev] Re: no SSL on http://twitter.com/login?
If you look at the form carefully, you'll see this:

<form method="post" id="signin" action="https://twitter.com/sessions">

-damon

--
http://twitter.com/damon

On Wed, Aug 19, 2009 at 9:07 AM, divesnob <mdarl...@gmail.com> wrote:

For some reason my reply yesterday didn't make it? I do realize that you can just change http to https. The problem here is that twitter is sending people to http://twitter.com/login. Here's a screencast describing what I mean.

http://www.screenjelly.com/watch/vSrv36yxa4g

-matt

On Aug 17, 7:02 pm, Abraham Williams <4bra...@gmail.com> wrote:

https://twitter.com/login

On Mon, Aug 17, 2009 at 18:58, divesnob <mdarl...@gmail.com> wrote:

Curious why you're not POSTing over SSL for /login?

<form class="signin" method="post" action="/sessions">
<div style="margin: 0pt; padding: 0pt;"></div>
<input id="authenticity_token" type="hidden" value="7a401566e00cff4abe1cba6ed4c70bf52d37" name="authenticity_token"/>
<fieldset class="common-form standard-form"></fieldset>
</form>

--
Abraham Williams | Community Evangelist | http://web608.org
Hacker | http://abrah.am | http://twitter.com/abraham
Project | http://fireeagle.labs.poseurtech.com
This email is: [ ] blogable [x] ask first [ ] private.
Sent from Madison, Wisconsin, United States

[twitter-dev] Re: no SSL on http://twitter.com/login?
On Wed, Aug 19, 2009 at 9:07 AM, divesnob <mdarl...@gmail.com> wrote:

For some reason my reply yesterday didn't make it? I do realize that you can just change http to https. The problem here is that twitter is sending people to http://twitter.com/login. Here's a screencast describing what I mean.

http://www.screenjelly.com/watch/vSrv36yxa4g

-matt

On Aug 17, 7:02 pm, Abraham Williams <4bra...@gmail.com> wrote:

https://twitter.com/login

On Mon, Aug 17, 2009 at 18:58, divesnob <mdarl...@gmail.com> wrote:

Curious why you're not POSTing over SSL for /login?

<form class="signin" method="post" action="/sessions">
<div style="margin: 0pt; padding: 0pt;"></div>
<input id="authenticity_token" type="hidden" value="7a401566e00cff4abe1cba6ed4c70bf52d37" name="authenticity_token"/>
<fieldset class="common-form standard-form"></fieldset>
</form>

On Wed, Aug 19, 2009 at 9:47 AM, Damon Clinkscales <sca...@pobox.com> wrote:

If you look at the form carefully, you'll see this:

<form method="post" id="signin" action="https://twitter.com/sessions">

^^^ from http://twitter.com/ ^^^

Although, here: http://twitter.com/login it's just /sessions, without the forced https. Yeah, that does seem like an oversight.

-damon

[twitter-dev] Re: no SSL on http://twitter.com/login?
https://twitter.com/login

On Mon, Aug 17, 2009 at 18:58, divesnob <mdarl...@gmail.com> wrote:

Curious why you're not POSTing over SSL for /login?

<form class="signin" method="post" action="/sessions">
<div style="margin: 0pt; padding: 0pt;"></div>
<input id="authenticity_token" type="hidden" value="7a401566e00cff4abe1cba6ed4c70bf52d37" name="authenticity_token"/>
<fieldset class="common-form standard-form"></fieldset>
</form>

--
Abraham Williams | Community Evangelist | http://web608.org
Hacker | http://abrah.am | http://twitter.com/abraham
Project | http://fireeagle.labs.poseurtech.com
This email is: [ ] blogable [x] ask first [ ] private.
Sent from Madison, Wisconsin, United States
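
Added example, not part of the original thread and not Twitter's code: a small check that resolves each credential form's action against the URL the page was served from, which is the difference between the two forms discussed above (relative /sessions on http://twitter.com/login versus the absolute https action on http://twitter.com/). The sample markup, the password fields and the names FormCollector and audit are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample markup modelled on the two forms quoted in the thread;
# the password fields and the token placeholder are assumptions.
LOGIN_PAGE = ('<form class="signin" method="post" action="/sessions">'
              '<input type="hidden" name="authenticity_token" value="PLACEHOLDER"/>'
              '<input type="password" name="password"/></form>')
HOME_PAGE = ('<form method="post" id="signin" action="https://twitter.com/sessions">'
             '<input type="password" name="password"/></form>'
             '<form id="search" action="/search"><input type="text" name="q"/></form>')


class FormCollector(HTMLParser):
    """Record every <form> with its resolved submit URL and password-field flag."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.forms, self._open = page_url, [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # A relative (or missing) action inherits the scheme of the page.
            target = urljoin(self.page_url, a.get("action") or "")
            self._open = {"name": a.get("id") or a.get("class"),
                          "target": target, "password": False}
            self.forms.append(self._open)
        elif tag == "input" and self._open and (a.get("type") or "").lower() == "password":
            self._open["password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None


def audit(page_url, html):
    """Return (form name, submit URL, finding) for each credential form."""
    collector = FormCollector(page_url)
    collector.feed(html)
    page_is_https = urlsplit(page_url).scheme == "https"
    findings = []
    for form in (f for f in collector.forms if f["password"]):
        if urlsplit(form["target"]).scheme != "https":
            verdict = "cleartext-post"             # credentials leave in the clear
        elif not page_is_https:
            verdict = "https-post-from-http-page"  # POST is encrypted, form markup was not authenticated
        else:
            verdict = "ok"
        findings.append((form["name"], form["target"], verdict))
    return findings
```

Only a page that is itself served over https and posts to an https target comes back as "ok"; the same /login markup fetched from https://twitter.com/login passes because the relative action then resolves to https.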