Why to redirect to https for calligra.org?

[Ben Cooksley]

On 28 July 2014 09:08, Jaroslaw Staniek <staniek at kde.org> wrote:
> Hi,

Hi Jaroslaw,

> Probably picky question to Cyrille but CC'd Ben to be safe.
> Asking because I'd like to see browsers to show calligra.org as a trusted site.
>
> It's almost perfect but I see redirection to https://calligra.org from
> http://www.calligra.org in my browsers.
> So far so good but Firefox nicely explains "This website does not
> supply identity information".
> Is there any easy fix fort that? For me using http as for many other
> KDE sites (unless logged-in) could be a fix.

The redirect is part of sysadmin's rollout of mandatory SSL and site
canonicalisation to all KDE websites.
Even though login is not used for the majority of the Calligra (or
many KDE websites) it is now seen as general good practice to provide
browsing over HTTPS.

Very few websites (not even Google) use the "Extended Validation"
certificates required to "provide identity information". They're also
extremely costly.
I don't think we need to worry about this - it won't affect the
display of the padlock/trusted site part.

>
> I see two problems explained here:
> https://support.mozilla.org/en-US/questions/983078#answer-521848
>
> - Not supplying identity information -
> http://wstaw.org/m/2014/07/27/plasma-desktopCY2313.png
> - Gray exclamation-triangle -
> http://wstaw.org/m/2014/07/27/plasma-desktopPd2313.png
> Loading mixed (insecure) display content can be fixed (3 warnings) but
> wouldn't change back to http be a cleaner fix?

I'll fix the elements in the theme which are causing these warnings.
Switching to http:// based browsing would only be a workaround for the issue.

>
> --
> regards / pozdrawiam, Jaroslaw Staniek
>  Kexi & Calligra & KDE | http://calligra.org/kexi | http://kde.org
>  Qt for Tizen | http://qt-project.org/wiki/Tizen
>  Qt Certified Specialist | http://www.linkedin.com/in/jstaniek

Thanks,
Ben