SSL access. I'd pay for it.

  • 51
  • Idea
  • Updated 8 years ago
Photo of Pig Monkey

Pig Monkey

  • 17 Posts
  • 2 Reply Likes

Posted 9 years ago

  • 51
Photo of Samuel Clay

Samuel Clay, Official Rep

  • 6514 Posts
  • 1474 Reply Likes
I'm planning on introducing SSL some time later this summer for logins. I think that's a great option for premium users: SSL always on. But I've gotta get this mobile app out first. SSL is high on the priority list.
Photo of Pig Monkey

Pig Monkey

  • 17 Posts
  • 2 Reply Likes
So, how 'bout that SSL?
Photo of Samuel Clay

Samuel Clay, Official Rep

  • 6514 Posts
  • 1474 Reply Likes
Got the SSL cert a couple weeks ago. Going to possibly add it as an option, but the issue is that all of the images in feeds will be coming from non-SSL pages. Not really sure what to do about that.

The SSL cert is so I can integrate Stripe.js.
Photo of Jon

Jon

  • 70 Posts
  • 24 Reply Likes
+1 for SSL support! :)

Google reader handles the SSL by just letting the "mixed content"/"Partially unencrypted" warning exist. Not everything will be encrypted, since it's loading content from HTTP only sites. Mixed content doesn't throw a red flag in the browsers.
Photo of miked

miked

  • 1 Post
  • 1 Reply Like
I would be a big fan of SSL as well.

Just a friendly heads up, since I ran into the same problem previously: If you access SSL from iOS (even using the built-in NSURLConnection and friends), you need to get an export certificate from the US government. Best to start the process now so you have it in hand when you are ready to submit to the app store. The steps can be found at http://zetetic.net/blog/2009/08/03/ma...
Photo of Pig Monkey

Pig Monkey

  • 17 Posts
  • 2 Reply Likes
I just saw the blog post about SSL support. Great!

A few notes:

* When I attempt to visit https://newsblur.com in Firefox 10.0.2 I get a certificate error: "The certificate is not trusted because no issuer chain was provided." Are you using nginx? If so you have to put the issuer's cert into your cert. See: http://nginx.org/en/docs/http/configu... I've had this problem with StartCom certificates on Nginx: http://blog.dob.sk/2009/10/15/startco... . Apparently Apache doesn't care about the issuer chain.

* Any chance of forcing SSL logins for everyone?

* Any chance of getting an account preference to force SSL for everything?
Photo of Samuel Clay

Samuel Clay, Official Rep

  • 6514 Posts
  • 1474 Reply Likes
Just stellar advice. Thanks so much! Fixed the issue by attaching the intermediate certificates to mine. Wasn't simple, but your links were super helpful.

I'll go make you an account preference right now.
Photo of Samuel Clay

Samuel Clay, Official Rep

  • 6514 Posts
  • 1474 Reply Likes
New preference: automatically redirect to secure https site. Here's the code: https://github.com/samuelclay/NewsBlu...
Photo of Jon

Jon

  • 70 Posts
  • 24 Reply Likes
Awesome! :D
Photo of Pig Monkey

Pig Monkey

  • 17 Posts
  • 2 Reply Likes
Excellent!

I also noticed that https://newsblur.com does not redirect to https://www.newsblur.com. I assume that's a mistake, since that redirect does exist for http.
Photo of Samuel Clay

Samuel Clay, Official Rep

  • 6514 Posts
  • 1474 Reply Likes
Actually non-www. no longer redirects to www. I figured users want to choose which to use, which is fine by me. It'll double up your cookies, but that shouldn't be an issue for anybody sticking with the same URL.
Photo of Pig Monkey

Pig Monkey

  • 17 Posts
  • 2 Reply Likes
I submitted a NewsBlur rule for the Firefox/Chrome plugin HTTPS Everywhere: https://mail1.eff.org/pipermail/https...

It targets http://newsblur.com and http://www.newsblur.com and redirects them both to https://www.newsblur.com. It also forces secure cookies.

I have no idea what the process is for actually getting the rule included in the production version -- there seems to be a large backlog of user submitted rules. If anybody wants to use it in the meantime, just save the XML as ~/.mozilla/firefox/[profile]/HTTPSEverywhereUserRules/NewsBlur.xml
Photo of Aaron

Aaron

  • 25 Posts
  • 1 Reply Like
Shouldn't this be marked as completed since it's been implemented?
Photo of Samuel Clay

Samuel Clay, Official Rep

  • 6514 Posts
  • 1474 Reply Likes
I don't know how to mark a thread as closed here. I don't pay for Get Satisfaction, so I don't have much admin ability.
Photo of Jon

Jon

  • 70 Posts
  • 24 Reply Likes
Hey Samuel,

I think GetSatisfaction recently made the admin features free for the first user.
http://blog.getsatisfaction.com/2012/...

Here's the spot to make this thread closed so other threads (like the "Please read this first" thread) can rise to the top.
http://product.getsatisfaction.com/20...