SSL/TLSize all the things! (convert http:// to https:// where appropriate) #3693
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| @@ -76,20 +76,20 @@ We're counting down the days until [React.js Conf](http://conf.reactjs.com) at F | |||
|
|
|||
| ## React Meetups Around the World | |||
|
|
|||
| <blockquote class="twitter-tweet" lang="en"><p>React JS meetup having pretty good turn up rate today <a href="https://twitter.com/hashtag/londonreact?src=hash">#londonreact</a> <a href="http://t.co/c360dlVVAe">pic.twitter.com/c360dlVVAe</a></p>— Alexander Savin (@karismafilms) <a href="https://twitter.com/karismafilms/status/535152580377468928">November 19, 2014</a></blockquote> | |||
| <blockquote class="twitter-tweet" lang="en"><p>React JS meetup having pretty good turn up rate today <a href="https://twitter.com/hashtag/londonreact?src=hash">#londonreact</a> <a href="https://t.co/c360dlVVAe">pic.twitter.com/c360dlVVAe</a></p>— Alexander Savin (@karismafilms) <a href="https://twitter.com/karismafilms/status/535152580377468928">November 19, 2014</a></blockquote> | |||
There was a problem hiding this comment.
These are actually copy+paste from Twitter embeds, so I don't think we should make this change.
There was a problem hiding this comment.
I thought Twitter had retroactively changed all those to https://, but I guess not. Will change back.
reedloden
force-pushed
the
swap-http-to-https
branch
from
47cd25c to
66d421b
Compare
…iate) Update links to use https:// where it is supported. There's probably a lot more that could be fixed, but these are the core ones I found (especially the download links in order to prevent MITM attacks). Note that there are some fb.me links that will redirect to http:// even while accessed over https://, but this seemed like the best way to fix those for now. NOTE: Only non-third-party files were modified. There are references to http:// URLs in vendored/third-party files, but seems appropriate to fix upstream for those rather than editing the files. Also, copy one image locally to the blog, as it was hotlinking to a site that did not support https://. Last, use youtube-nocookie.com instead of youtube.com for video embeds, as the former doesn't try to set a cookie on load (privacy enhancement).
reedloden
force-pushed
the
swap-http-to-https
branch
from
66d421b to
3e8951e
Compare
| * Support for the `key` prop, which allows for finer control over reconciliation. [Read the docs for details...](http://facebook.github.io/react/docs/multiple-components.html) | ||
| * Removed `React.autoBind`. [Read our blog post for details...](http://facebook.github.io/react/blog/2013/07/02/react-v0-4-autobind-by-default.html) | ||
| * Improvements to forms. We've written wrappers around `<input>`, `<textarea>`, `<option>`, and `<select>` in order to standardize many inconsistencies in browser implementations. This includes support for `defaultValue`, and improved implementation of the `onChange` event, and circuit completion. [Read the docs for details...](http://facebook.github.io/react/docs/forms.html) | ||
| * `prop` improvements: validation and default values. [Read our blog post for details...](/react/blog/2013/07/11/react-v0-4-prop-validation-and-default-values.html) |
|
Alright, let's do it. Dear translators (@marocchino and the KO team especially), I'm sorry! You may be able to get a bit fancy and do some processing on the patch to automate this but otherwise it might be a bit rough. |
zpao
added a commit
that referenced
this pull request
Apr 20, 2015
SSL/TLSize all the things! (convert http:// to https:// where appropriate)
zpao
added a commit
that referenced
this pull request
Apr 20, 2015
SSL/TLSize all the things! (convert http:// to https:// where appropriate)
zpao
added a commit
that referenced
this pull request
Apr 21, 2015
Reverting this bit in the stable branch so builds aren't changed. We can pick this up again if we do a 0.13.3.
zpao
added a commit
to zpao/react
that referenced
this pull request
May 8, 2015
This reverts commit 4053465.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Update links to use https:// where it is supported. There's probably a lot
more that could be fixed, but these are the core ones I found (especially
the download links in order to prevent MITM attacks). Note that there are
some fb.me links that will redirect to http:// even while accessed over
https://, but this seemed like the best way to fix those for now.
NOTE: Only non-third-party files were modified. There are references to
http:// URLs in vendored/third-party files, but seems appropriate to fix
upstream for those rather than editing the files.
Also, copy one image locally to the blog, as it was hotlinking to a site
that did not support https://.
Last, use youtube-nocookie.com instead of youtube.com for video embeds,
as the former doesn't try to set a cookie on load (privacy enhancement).