Problem/Motivation

There's a few urls in the codebase that use HTTP instead of HTTPS and some (many the same) that use drupal.org without www.drupal.org in front.

This creates a very small security risk that is mostly mitigated by hsts AND may create some weird bugs for clients that don't handle forwards properly (I'm thinking RSS client or something).

Steps to reproduce

1. clone this repository
2. grep for stuff and find several examples:

greggles@Gregs-MacBook-Pro ~/c/drupalorg (7.x-3.x)> grep -r -e 'http://[w.]*drupal.org' * | wc -l
      29
greggles@Gregs-MacBook-Pro ~/c/drupalorg (7.x-3.x)> grep -r -e 'http[s]*://drupal.org' * | wc -l
      30

Proposed resolution

Update the urls.

Remaining tasks

Doing it.

User interface changes

Not really aplicable.

API changes

n/a

Data model changes

n/a

Issue fork drupalorg-3473979

Command icon Show commands

Start within a Git clone of the project using the version control instructions.

Or, if you do not have SSH keys set up on git.drupalcode.org:

About issue forks

Comments

greggles created an issue. See original summary.

greggles’s picture

greggles
he/him
Primary language English
Location Denver, Colorado, USA
commented

Given this seems likely to cause conflicts / reroll problems I figured I should leave this to someone who works in this repo a lot. I'm happy to work on it if that would be helpful, though.

drumm’s picture

drumm
he/him
Location NY, US
commented

*.features.field_instance.inc files - no patch needed for these, it works better for caching to update in the production UI and export the feature

*.info:project status url = http://drupal.org - probably doesn’t matter, I don’t know where Features get this from and isn’t user-facing.

Anything outside of features is good to go ahead and provide a merge request for. Otherwise, this is a good thing for me to get when exercising GitLab after an upgrade.

greggles opened merge request !285

greggles’s picture

greggles
he/him
Primary language English
Location Denver, Colorado, USA
commented
Status: Active » Needs review

I changed the features info urls since I think future exports will keep those the same.

Also made a few other changes doing what I think made the most sense.

Feel free to overwrite changes that weren't the right thing.

  • drumm committed 6413cb57 on 7.x-3.x authored by greggles 
    Issue #3473979: Update links to https and www (/security page and...

  • drumm committed 6413cb57 on owner-tools-event-count-refine authored by greggles 
    Issue #3473979: Update links to https and www (/security page and...
greggles’s picture

greggles
he/him
Primary language English
Location Denver, Colorado, USA
commented

Ah, even better to use relative links. Thanks.

  • drumm committed b3cc1d23 on 7.x-3.x 
    Issue #3473979: Remove help text with old URL

  • drumm committed 14f0f227 on 7.x-3.x 
    Issue #3473979: Make old links relative

  • drumm committed 81061adc on 7.x-3.x 
    Issue #3473979: Update links to https and www in marketplace feature
drumm’s picture

drumm
he/him
Location NY, US
commented

I missed a couple links in features/drupalorg_marketplace/drupalorg_marketplace.views_default.inc, which looks like all that remains.

  • drumm committed 168ebfe3 on 7.x-3.x 
    Issue #3473979: Update links to https and www in marketplace feature
drumm’s picture

drumm
he/him
Location NY, US
commented
Status: Needs review » Fixed

I think we can call this done now.

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.