Title Decide what to do about Google Maps SSL warnings on
Milestone 0.11.01 Priority bug
Waiting On Status resolved
Superseder Nosy List jesstess, paulproteus
Assigned To Keywords

Created on 2011-01-08.21:52:24 by paulproteus, last changed 2011-03-24.18:53:45 by palhmbs.

msg1328 (view) Author: palhmbs Date: 2011-03-23.21:50:19
Marking this resolved since Google has made SSL Maps API free.

There is a new issue to deal with implementing that. - See issue344.
msg814 (view) Author: paulproteus Date: 2011-01-27.22:51:29
Well, this ticket says to "decide". So, to proceed, we can either:

* Decide to do nothing, and leave the warning. That's probably bad.

* Pay $10K. (not happening, unless someone else really wants to spend it on this)

* Decide to proxy the tiles. (This is more reasonable than it sounds; for one
thing, we're only at 10% of our monthly bandwidth usage.) I think this is what
we should go with, for now.

* Decide to, for all people search pages, redirect the user to an http-based
version of OpenHatch.  (That would be such a depressing choice, in terms of user
security and privacy.)

So let's decide to proxy the tiles. Next step is to figure out how that'll work.
That'll be a separate ticket.
msg723 (view) Author: paulproteus Date: 2011-01-09.07:02:24 is an
example of someone else running into the same problem a year ago.

Not terribly useful, but nice to know we're not alone.
msg722 (view) Author: paulproteus Date: 2011-01-09.06:48:48
I just changed the map template to <script src> the Google Maps javascript from
an OpenHatch URL (an SSL one, if you go to, which
then redirects to the non-SSL Google Maps javascript.

Also, the main Google Maps javascript file just loads in another non-SSL Google
javascript file. 

Chromium still shows https crossed-out, and Firefox doesn't show the nice blue
domain that indicates it's happy with the SSL setup, so I conclude that
redirects can't help.

Reverse proxies can't really help either -- once the browser grabs the initial
javascript over HTTPS, it will then load a non-HTTPS javascript file. And I also
haven't found any information on getting Google Maps to load tiles from our
server, rather than theirs.

So, um, I guess HTTPS and the Google Maps API are quite at odds.
msg721 (view) Author: paulproteus Date: 2011-01-09.06:31:01
One further note:
indicates that we might be able to get away with using a redirect, rather than
actually proxying.
msg717 (view) Author: paulproteus Date: 2011-01-09.05:20:42
Well, the only official way we can the Google Maps API over SSL is to pay Google
ten thousand dollars:

We would have to serve the tiles ourselves, as well as the Google JavaScript. We
could use a reverse proxy to achieve that.

If we were a 501(c)3, we could request a free Premier key for Google Maps. It
would take 3 months for Google to contact us about it. is the link to that.

Well, what now? I was hoping this would be easy, but I guess it's not!
msg716 (view) Author: jesstess Date: 2011-01-08.23:06:45
It looks like the home page is fine, but does have this issue -- the 
Google maps API queries are over HTTP.
msg703 (view) Author: paulproteus Date: 2011-01-08.21:52:24
Luke Faraone had this to say:

<lfaraone> paulproteus: hai!
<lfaraone> paulproteus: fyi, on openhatch, my browser is giving SSL warnings
because there are mixes of SSL and non-ssl content

If you load up in Firefox, and use Firebug to look at the
"Net" tab to see what pages we load, it should be all SSL ones. According to
Luke, it's not all SSL stuff -- that's the bug.
Date User Action Args
2011-03-24 18:53:45palhmbssetstatus: chatting -> resolved
2011-03-23 21:50:19palhmbssetstatus: resolved -> chatting
messages: + msg1328
2011-01-27 22:51:29paulproteussetstatus: chatting -> resolved
messages: + msg814
2011-01-09 07:02:24paulproteussetmessages: + msg723
2011-01-09 06:48:48paulproteussetmessages: + msg722
2011-01-09 06:31:01paulproteussetmessages: + msg721
2011-01-09 05:20:42paulproteussetmessages: + msg717
keyword: - bitesize
title: Find out why some browsers give SSL warnings on -> Decide what to do about Google Maps SSL warnings on
2011-01-08 23:06:45jesstesssetstatus: unread -> chatting
nosy: + jesstess
messages: + msg716
2011-01-08 21:52:24paulproteuscreate