I've been doing some cleanup and documentation on our main front-end
JavaScript code which lives in js/util.js, including some tweaks on the
AJAX form submissions to fix some error handling oddities.
While I was in there, I realized it would be pretty easy to work around
the longstanding problem that none of our AJAX forms work on sites set
to "ssl=sometimes" if someone actually fires up an arbitrary page on SSL.
The ssl=sometimes mode is meant to have most stuff live on regular HTTP
most of the time, but kick you over to HTTPS for a few privileged things
that involve passwords. This keeps your actual password (but not your
session cookies) from being sent over the network in the clear, while
running most stuff over the easier to manage HTTP routes.
However, some folks end up at HTTPS pages that StatusNet thinks are
supposed to be HTTP -- such as people using the HTTPS-Everywhere Firefox
extension (https://www.eff.org/https-everywhere), or clicking links in
an Adium client, or just doing some cut-n-paste on the URL bar in their
browser to jump from page to page quickly.
They end up being able to see everything just fine, but a lot of our
interactivity would break because the forms use hardcoded HTTP URLs,
which the HTTPS page isn't allowed to directly access.
In commit 46d9496, I tossed in a few lines of JS to check if we're in
that state and transparently send the form submission over HTTPS
instead, which the page can reach from JavaScript.
This gets posting, favoriting, repeating, subscribing, etc working for
folks who are (whether deliberately or by accident) on an HTTPS page view.
Note that this *doesn't* keep you on HTTPS pages while you navigate
through the site; the overall behavior of ssl=sometimes mode remains as
it was. (Individual end-users can use the HTTP-Everywhere extension to
force their browsers to do that, but beware there may be other things
that still don't work on those pages.)
-- brion
_______________________________________________
StatusNet-dev mailing list
StatusNet-dev@lists.status.net
http://lists.status.net/mailman/listinfo/statusnet-dev