Warning: Potential Security Risk Ahead - accessing upgrade page

TonyM

May 19, 2019, 3:48:32 AM
to TiddlyWikiDev
I detected this in the latest General release of Firefox accessing https://www.tiddlywiki.com/upgrade.html

Firefox detected a potential security threat and did not continue to www.tiddlywiki.com. If you visit this site, attackers could try to steal information like your passwords, emails, or credit card details.

Websites prove their identity via certificates. Firefox does not trust this site because it uses a certificate that is not valid for www.tiddlywiki.com. The certificate is only valid for the following names: www.github.com, *.github.io, *.githubusercontent.com, *.github.com, github.com, github.io, githubusercontent.com

Error code: SSL_ERROR_BAD_CERT_DOMAIN

Snapshot of certificate attached

Regards
Tony
UpgradeCert.jpg
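
Added example (not part of the original posts): a small Python check, using the usual whole-label wildcard rule for certificate names, of why the names listed in the Firefox error above do not cover www.tiddlywiki.com. The function names are hypothetical, and the sample hostnames under github.io are constructed.

```python
# Names copied from the Firefox error message quoted in the post above.
CERT_SAN_NAMES = [
    "www.github.com", "*.github.io", "*.githubusercontent.com",
    "*.github.com", "github.com", "github.io", "githubusercontent.com",
]


def _labels(name):
    # DNS names compare case-insensitively; ignore any trailing dot.
    return name.lower().rstrip(".").split(".")


def san_matches(pattern, hostname):
    """Return True if one certificate name pattern covers hostname."""
    p, h = _labels(pattern), _labels(hostname)
    # A wildcard never spans label boundaries, so label counts must agree.
    if len(p) != len(h) or "" in h:
        return False
    # Wildcards are only honoured as the complete leftmost label.
    if any("*" in label for label in p[1:]):
        return False
    if p[0] == "*":
        # Require at least two fixed labels so "*.com" style patterns fail.
        return len(p) >= 3 and p[1:] == h[1:]
    if "*" in p[0]:
        return False
    return p == h


def matching_names(hostname, san_names=CERT_SAN_NAMES):
    """List every certificate name that covers hostname (empty = mismatch)."""
    return [name for name in san_names if san_matches(name, hostname)]


if __name__ == "__main__":
    # Constructed sample hostnames, apart from the one reported in the thread.
    for host in ("www.tiddlywiki.com", "example.github.io",
                 "a.b.example.github.io", "github.io"):
        hits = matching_names(host)
        verdict = "ok: " + ", ".join(hits) if hits else "SSL_ERROR_BAD_CERT_DOMAIN"
        print(f"{host:24} {verdict}")
```

An empty result for a hostname is the condition Firefox reports as SSL_ERROR_BAD_CERT_DOMAIN: the server presented a certificate whose names do not include the host that was requested.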

Jeremy Ruston

May 19, 2019, 6:28:55 AM
to TiddlyWikiDev
Hi Tony

The problem appears when you use www.tiddlywiki.com instead of plain tiddlywiki.com; if you try https://tiddlywiki.com/upgrade.html then things work OK.

I think this is something to do with GitHub Pages hosting; it is supposed to redirect www. to the plain URL, but it seems to only do that properly when accessing the top-level URI.

Best wishes

Jeremy.


TonyM

May 19, 2019, 11:32:08 PM
to TiddlyWikiDev
Jeremy,

Thanks. I would not normally add www to such a link myself, so perhaps it is coded somewhere and should be changed.

Just FYI

Regards
Tony

Jeremy Ruston

Jun 18, 2019, 6:44:03 AM
to TiddlyWikiDev
Just adding that this turns out to be a common problem when hosting HTTPS sites on GitHub Pages:


Best wishes

Jeremy
