Opened 6 years ago

Closed 6 years ago

#11599 closed defect (fixed)

Ning.com rule causes missing images in hosted websites

Reported by: cypherpunks Owned by: pde
Priority: Medium Milestone: HTTPS-E 3.5
Component: HTTPS Everywhere/HTTPS Everywhere: Chrome Version: HTTPS-E chrome 2013.10.16
Severity: Keywords: httpse-ruleset-bug
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

The HTTPS Everywhere rule for ning.com (partial) causes images to be missing from ning-hosted websites, e.g. DiyDrones.com .

Note: The actual version is HTTPS-E chrome 2014.4.16 .

Defect is due to an invalid certificate on Ning's CDN.

This is the communication I had with Ning:

Apr 22 12:46 PM
The SSL certificate for https://origin-api.ning.com is invalid. It does not match the URL, it is expired, and it does not have a valid CA.
The certificate for https://www.ning.com is valid and would also work for origin-api.ning.com. You should install it to all your servers.

Aaron (Ning Help Center)
Apr 23 05:20 PM
Hi there,
Thanks for your question! We don't support SSL on that URL. That serves up our images via our CDN, which is also not currently set up for SSL.
Best,
Aaron

Child Tickets

Change History (1)

comment:1 Changed 6 years ago by bm

Resolution: fixed
Status: newclosed

origin-api was removed in 4ecdc518.

Note: See TracTickets for help on using tickets.