On Feb 16, 2011, at 12:43 PM, Aryeh Gregor wrote: > On Tue, Feb 15, 2011 at 4:36 PM, Walter McGinnis <wal...@katipo.co.nz> wrote: >> Now, in practice implementing this has challenges. I'm the lead developer on >> Kete, an open source Ruby on Rails app (http://kete.net.nz), and recently >> wanted to make the switch to fully HTTPS for a site and the Kete app when >> used with HTTPS. >> >> I encountered the headache of mixed content warnings. > > What problems does this present in practice? I notice Gmail sometimes > serves mixed content without my browser complaining significantly. > The UI changes a bit, but nothing worse than normal http:// UI.
Many versions of Internet Explorer will throw up a dialog box with a warning. > >> All this boils down to, yes full HTTPS is best practice, but if you make use >> of external APIs or services, it may be hard to achieve. > > Using an external API or service by including stuff from third-party > sites would send users' IP addresses to those sites, which would > violate Wikimedia's privacy policy, so this isn't an issue for us. Fair enough. Every situation is different. As I had recently attempted to go full HTTPS with a project, I thought I would share my experience of what it takes in practice. Cheers, Walter _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
