Opened 10 years ago
Closed 9 years ago
#9778 closed enhancement (fixed)
option to use ssl for connections to josm.openstreetmap.de
| Reported by: | skyper | Owned by: | team |
|---|---|---|---|
| Priority: | normal | Milestone: | 14.03 |
| Component: | Core | Version: | |
| Keywords: | ssl homepage | Cc: |
Description
As OSM offers secure connections now, it would be nice to also offer it for connections to our page to download plugins, styles and preset with a secure connections
Attachments (0)
Change History (25)
comment:1 by , 10 years ago
| Priority: | major → normal |
|---|
comment:6 by , 10 years ago
Replying to Don-vip:
I don't understand the wikireader stuff?
I thought the url was on the left side of the replace - it was on the right side, so that was crap :-)
comment:7 by , 10 years ago
Note: I believe the getXMLBase() must stay http or JOSM will do a request to the server for each XML. Was at least my impression when I first tested that shortly.
comment:8 by , 10 years ago
| Milestone: | → 14.03 |
|---|
follow-up: 11 comment:10 by , 10 years ago
Someone willing to test if there are side effects, when when change the defaults to https?
comment:11 by , 10 years ago
Replying to stoecker:
Someone willing to test if there are side effects, when when change the defaults to https?
What do you mean and need ?
- Do I simply have to change the protocol for the fixed string ?
- Is it sufficient to unpack, change and repack or do I need to compile ?
- Is it possible to have a test version ?
follow-up: 15 comment:13 by , 10 years ago
I changed josm.url to https://josm.openstreetmap.de
But it does not work, all traffic to josm.openstreetmap.de is not encrypted.
(JOSM 6903)
comment:15 by , 10 years ago
Replying to anonymous:
I changed josm.url to https://josm.openstreetmap.de
But it does not work, all traffic to josm.openstreetmap.de is not encrypted.
Did you restart after changing the url ?
So far, I is running smoothly on my side.
I did start with a new/empty preference directory and after changing the URLs, I always did delete the cache folder within preferences. Even Plugins and Styles/Presets seem to work but I have to admit that I did not check with wireshark but relied on the URLs showing up on the console.
follow-up: 18 comment:16 by , 10 years ago
I checked with wireshark.
I tried again with new profile and now there is some encrypted traffic to josm.openstreetmap.de
But there is also unencrypted traffic:
http://josm.openstreetmap.de/plugin
http://josm.openstreetmap.de/plugin-icons.zip
http://josm.openstreetmap.de/browser/trunk/images/mapmode/improvewayaccuracy.png?format=raw
follow-up: 19 comment:18 by , 10 years ago
Replying to anonymous:
I tried again with new profile and now there is some encrypted traffic to josm.openstreetmap.de
But there is also unencrypted traffic:
http://josm.openstreetmap.de/plugin
http://josm.openstreetmap.de/plugin-icons.zip
Should be fixed.
http://josm.openstreetmap.de/browser/trunk/images/mapmode/improvewayaccuracy.png?format=raw
Hmm, that must come from a style, preset or something else. Should not be loaded at all from remote!
comment:19 by , 10 years ago
Replying to stoecker:
Hmm, that must come from a style, preset or something else. Should not be loaded at all from remote!
it comes from StartupPageSource :)
comment:22 by , 10 years ago
| Resolution: | fixed |
|---|---|
| Status: | closed → reopened |
Don't forget that you have tested with a local copy. Most users are using Java WebStart via <https://josm.openstreetmap.de/download/josm.jnlp> and it includes hrefs to HTTP so it downloads the main jar unsecured!
comment:24 by , 9 years ago
| Resolution: | fixed |
|---|---|
| Status: | closed → reopened |
There are some important bits missing: Accoording to JOSMs stdoutput many plugins get downloaded and updated via http from svn.openstreetmap.org (e.g. "GET http://svn.openstreetmap.org/applications/editors/josm/dist/utilsplugin2.jar"). I've tried with a fresh profile and josm latest.
The plugin code gets executed if I understand correctly, so its download should be secured.
The cause seems to be the URLs in https://josm.openstreetmap.de/pluginicons ("https://josm.openstreetmap.de/pluginicons%<?plugins=>" in the plugin settings). Could these please be changed to https? The svn server is capable of it.
Thank you!
comment:25 by , 9 years ago
| Resolution: | → fixed |
|---|---|
| Status: | reopened → closed |
HTTPS links are now provided. Thanks for the notice.
this is not major as no personal information is involved.