Web Apps

Hi,

General context

Currently, Chrome set the "Not Secure" warning only for pages with password and credit card input fields. Starting October 2017, Chrome will set this flag for any page with a form input.

Ryzom web app context

A bug in certificate validation on the Ryzom client forced every web app to use exclusively HTTP. As far as i know, this bug has been fixed in patch 3.2.1.8913.

The problem

If the Ryzom apps are not moved to HTTPS before October, using those apps in Chrome, including this forum, will display the "Not Secure" flag and freak users out.

Suggested action

Please move all the official Ryzom web-apps to HTTPS now and communicate to all web app developers on this topic.



Sadly I guess this report won't be taken seriously and the answer will be "we don't care about this flag, it's not supposed to be secure". I strongly disagree with such opinion and will not argue about it.

There is still 1,2,3.. many days to go... you worry too much.

PS. client supports HSTS

I personally develop webapps, which are just webpages, for the ingame browser and ingame use. Having them out of game, for example in google chrome, is just a bonus to me.

Official apps on the other side, like these forums, should work out of game and in most browsers I agree. Which bugged me for a longer time, is the login form with character name and password without any hint of encryption. chat.ryzom.com is a different world and it uses https by default. Could at least a certificate be used for the "official" app.ryzom.com login too?

arc