openhatch

Issue213

Title Decide what to do about Google Maps SSL warnings on openhatch.org/people/
Milestone 0.11.01 Priority bug
Waiting On Status resolved
Superseder Nosy List jesstess, paulproteus
Assigned To Keywords

Created on 2011-01-08.21:52:24 by paulproteus, last changed 2011-03-24.18:53:45 by palhmbs.

Messages
msg1328 (view) Author: palhmbs Date: 2011-03-23.21:50:19
Marking this resolved since Google has made SSL Maps API free.

There is a new issue to deal with implementing that. - See issue344.
msg814 (view) Author: paulproteus Date: 2011-01-27.22:51:29
Well, this ticket says to "decide". So, to proceed, we can either:

* Decide to do nothing, and leave the warning. That's probably bad.

* Pay $10K. (not happening, unless someone else really wants to spend it on this)

* Decide to proxy the tiles. (This is more reasonable than it sounds; for one
thing, we're only at 10% of our monthly bandwidth usage.) I think this is what
we should go with, for now.

* Decide to, for all people search pages, redirect the user to an http-based
version of OpenHatch.  (That would be such a depressing choice, in terms of user
security and privacy.)

So let's decide to proxy the tiles. Next step is to figure out how that'll work.
That'll be a separate ticket.
msg723 (view) Author: paulproteus Date: 2011-01-09.07:02:24
http://lists.osgeo.org/pipermail/openlayers-users/2010-January/015776.html is an
example of someone else running into the same problem a year ago.

Not terribly useful, but nice to know we're not alone.
msg722 (view) Author: paulproteus Date: 2011-01-09.06:48:48
I just changed the map template to <script src> the Google Maps javascript from
an OpenHatch URL (an SSL one, if you go to https://openhatch.org/people/), which
then redirects to the non-SSL Google Maps javascript.

Also, the main Google Maps javascript file just loads in another non-SSL Google
javascript file. 

Chromium still shows https crossed-out, and Firefox doesn't show the nice blue
domain that indicates it's happy with the SSL setup, so I conclude that
redirects can't help.

Reverse proxies can't really help either -- once the browser grabs the initial
javascript over HTTPS, it will then load a non-HTTPS javascript file. And I also
haven't found any information on getting Google Maps to load tiles from our
server, rather than theirs.

So, um, I guess HTTPS and the Google Maps API are quite at odds.
msg721 (view) Author: paulproteus Date: 2011-01-09.06:31:01
One further note:

https://gunnicom.wordpress.com/2010/10/14/redirect-from-https-to-http-works-for-tiles-from-openlayers/
indicates that we might be able to get away with using a redirect, rather than
actually proxying.
msg717 (view) Author: paulproteus Date: 2011-01-09.05:20:42
Well, the only official way we can the Google Maps API over SSL is to pay Google
ten thousand dollars:
http://googleenterprise.blogspot.com/2008/09/httpssecuregooglemaps.html

We would have to serve the tiles ourselves, as well as the Google JavaScript. We
could use a reverse proxy to achieve that.

If we were a 501(c)3, we could request a free Premier key for Google Maps. It
would take 3 months for Google to contact us about it.

https://services.google.com/fb/forms/premiergrantapplication/ is the link to that.

Well, what now? I was hoping this would be easy, but I guess it's not!
msg716 (view) Author: jesstess Date: 2011-01-08.23:06:45
It looks like the home page is fine, but https://openhatch.org/people/ does have this issue -- the 
Google maps API queries are over HTTP.
msg703 (view) Author: paulproteus Date: 2011-01-08.21:52:24
Luke Faraone had this to say:

<lfaraone> paulproteus: hai!
<lfaraone> paulproteus: fyi, on openhatch, my browser is giving SSL warnings
because there are mixes of SSL and non-ssl content

If you load up https://openhatch.org/ in Firefox, and use Firebug to look at the
"Net" tab to see what pages we load, it should be all SSL ones. According to
Luke, it's not all SSL stuff -- that's the bug.
History
Date User Action Args
2011-03-24 18:53:45palhmbssetstatus: chatting -> resolved
2011-03-23 21:50:19palhmbssetstatus: resolved -> chatting
messages: + msg1328
2011-01-27 22:51:29paulproteussetstatus: chatting -> resolved
messages: + msg814
2011-01-09 07:02:24paulproteussetmessages: + msg723
2011-01-09 06:48:48paulproteussetmessages: + msg722
2011-01-09 06:31:01paulproteussetmessages: + msg721
2011-01-09 05:20:42paulproteussetmessages: + msg717
keyword: - bitesize
title: Find out why some browsers give SSL warnings on https://openhatch.org/ -> Decide what to do about Google Maps SSL warnings on openhatch.org/people/
2011-01-08 23:06:45jesstesssetstatus: unread -> chatting
nosy: + jesstess
messages: + msg716
2011-01-08 21:52:24paulproteuscreate