Can't sign-in to forkability website

[thinkingmedia]

I've been unable to sign-in to the website since yesterday.

http://basicallydan.github.io/forkability/

Clicking the "Sign in with Github" button in the upper right triggers an auth popup. The popup prompts to allow permission. After approval it returns back to this URL, but the popup remain open and blank.

https://basicallydan.github.io/forkability/github.html?accessToken=xxxx&tokenType=bearer&scope=

Anyone else having this problem.

[M-Zuber]

I'll try and look at this later tonight.
Thank you for reporting it.

[basicallydan]

@thinkingmedia It's because you're looking at it from http:// - it requires https:// since that's what the auth popup uses, otherwise it can't communicate with the original window.

Unless either of you can think of a better solution I'd propose we put an http -> https redirect on the main Forkability page.

[thinkingmedia]

The logo on the page is linked to http://

Following links from github get redirected to http://

Something's not right.

[basicallydan]

Okay, so we need to make sure all the links go to https rather than http.

If you to to the https version of the page though, can you confirm that
signing in is possible? I checked the error logs when using http and it is
as I said, unable to interact with the original window because its http.
On 11 Dec 2015 03:21, "Thinking Media" [email protected] wrote:

The logo on the page is linked to http://

Following links from github get redirected to http://

Something's not right.

—
Reply to this email directly or view it on GitHub
#69 (comment)
.

[basicallydan]

@thinkingmedia

The logo on the page is linked to http://

Which logo are you talking about, on https://basicallydan.github.io/forkability/ ?

That's because it's a relative link. That's something I can certainly fix.

I'm not sure about redirecting to HTTPS using JavaScript, that seems weird and a little bit much. I might disable sign-in unless you're using HTTPS and put a little message saying "If you want to sign in you need to use HTTPS." and then the sign-in link could actually just take you to HTTPS.

I'm also gonna add a canonical meta link into the head of the page so that search engines know to use HTTPS.

[basicallydan]

@thinkingmedia Can you go to the page using HTTP and try now? It should now get you to go to https before letting you even attempt to sign in.

@M-Zuber Your opinion here would be appreciated too. What do you guys think, seems like a good solution? It should wait 700ms before sending you so that the button has a chance to change to "Redirecting to HTTPS" in case you didn't get it.

Ideally if anybody is posting a link, they should be using HTTPS.

[thinkingmedia]

@basicallydan Yes, if I manually go to the https:// address the sign in works as expected.

So I've narrowed the problem down to a redirect issued by the web service. Which in this case is github and might not be in your control.

I'm able to catch 301 redirects in the network log for Chrome, but the 301's don't happen all the time. For example; if I load https://basicallydan.github.io/forkability/ and press CTRL+R to refresh the page it will stay on the https address.

When I inspect the document the upper left logo has a simple link like this.

 <div class="col-sm-10 forkability-header">
          <h1><a href="/forkability"><img src="pages/logo.svg">Forkability</a></h1>
 </div>

It's clear the URL is a relative path but when I click the link the web server sends a 301 redirect. Here's the response after linking.

HTTP/1.1 301 Moved Permanently
Server: GitHub.com
Content-Type: text/html
Location: http://basicallydan.github.io/forkability/
X-GitHub-Request-Id: 17EB2C17:2F48:7697D31:566ADF05
Content-Length: 178
Accept-Ranges: bytes
Date: Fri, 11 Dec 2015 14:34:45 GMT
Via: 1.1 varnish
Age: 0
Connection: keep-alive
X-Served-By: cache-dfw1828-DFW
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1449844485.729198,VS0,VE39
Vary: Accept-Encoding
X-Fastly-Request-ID: a89ce6ab4333b3b88d9838b72e4c63d8170d50f1

We know that github SSL is working and providing service for https. So I'm not sure why they are forcing a redirect or why it has to be a Moved Permanently

[thinkingmedia]

Oh, it looks like you might have fixed the problem.

I guess you force HTTPS when the button is clicked. Anyway it appears to be working now.

Thanks!

[thinkingmedia]

There are still links that take you to the none HTTP and you have to sign-in again. If the links could just be made explicate that should fix the problem.

[basicallydan]

Can you be more specific?
On 11 Dec 2015 21:39, "Thinking Media" [email protected] wrote:

There are still links that take you to the none HTTP and you have to
sign-in again. If the links could just be made explicate that should fix
the problem.

—
Reply to this email directly or view it on GitHub
#69 (comment)
.

[M-Zuber]

@M-Zuber Your opinion here would be appreciated too. What do you guys think, seems like a good solution? It should wait 700ms before sending you so that the button has a chance to change to "Redirecting to HTTPS" in case you didn't get it.

Sounds good to me

[basicallydan]

So I think this is all OK now. @thinkingmedia are you satisfied with the solution I went with?

[thinkingmedia]

Yes the website is usable, but the after you've tested a repo and you see the result page. Clicking the "Try another" link redirects back to the non-HTTPS page.

I'm thinking this is a bigger issue and should be sent to Github as a support request. See what the official word is on HTTPS support.

[basicallydan]

That's a good idea. I'll do that.
On 22 Dec 2015 16:51, "Thinking Media" [email protected] wrote:

Yes the website is usable, but the after you've tested a repo and you see
the result page. Clicking the "Try another" link redirects back to the
non-HTTPS page.

I'm thinking this is a bigger issue and should be sent to Github as a
support request. See what the official word is on HTTPS support.

—
Reply to this email directly or view it on GitHub
#69 (comment)
.