Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix: Use https instead of http as protocol in links to php.net #623

Closed
wants to merge 1 commit into from
Closed

Fix: Use https instead of http as protocol in links to php.net #623

wants to merge 1 commit into from

Conversation

localheinz
Copy link
Contributor

@localheinz localheinz commented Jul 8, 2022
edited
Loading

This pull request

  • uses https instead of http as protocol in links to php.net

πŸ’β€β™‚οΈ Not sure if this is a bit over the top, but I replaced http://(.+\.)?php.net with https://$1php.net in PhpStorm.

@localheinz localheinz force-pushed the fix/protocol branch 10 times, most recently from 458f331 to a2e67a2 Compare July 8, 2022 21:04
@localheinz
Copy link
Contributor Author

This seems hard to review - not sure if it's worth it, given that most website maintainers will usually redirect from http to https.

What do you think?

@Ayesh
Copy link
Member

Ayesh commented Jul 9, 2022

It sure is a lot to review, but I like the idea behind this, that we gradually upgrade to HTTPS links. Some of the sites (such as https://thebrainroom.com) don't seem to support HTTPS, so perhaps we can automate it? I remember some "awesome" GitHub projects that list links to related projects automated a link checker, I will try to look it up.

We could also sed it for *.php.net and github.com as a starting point. These sites are the most common links we have, and seem to support HTTPS on all sub domains as well.

@localheinz localheinz changed the title Fix: Use https instead of http as protocol in links Fix: Use https instead of http as protocol in links to php.net Jul 11, 2022
@Ayesh
Copy link
Member

Ayesh commented Jul 13, 2022
edited
Loading

As far as I can see, php.net sites such as {pecl|pear|windows|gtk|conf|qa|bugs|news|wiki}.php.net use the same HTTPS certificate with CN *.php.net, so I assume they are safe to use with HTTPS without a doubt because any issues with this certificate will alert pretty much everyone.

Looking at {windows|downloads}.php.net certificates on crt.sh, they seem to be automated, so they are safe to use too.

{bk2|monitoring|prototype-meta}.php.net seem to be automated too, but I have never had any insight into who and how these sites run. Again, the crt.sh data shows the certificates are being renewed correctly.

So to summarize, I think we covered all php.net subdomains, and they all seem to be serving correctly over HTTPS (though, we could improve it).

That said, the change set looks good :) Thank you.

We might as well serve HSTS headers and preload it, but I'd be digressing, and might be better off discussing in a separate issue.

@Ayesh Ayesh mentioned this pull request Jul 13, 2022
Open
cmb69
cmb69 reviewed Jul 13, 2022
View reviewed changes
Copy link
Member

@cmb69 cmb69 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

All in all, I think this makes sense, although there might be more general issues here (I've commented on a few). Anyhow, these issues are unrelated, and switching the protocol can be done. Could you please fix the merge conflicts?

archive/1998.php
<a href="http://cvs.php.net/co.php/phpweb/Attic/release-3.0.txt?sa=1&amp;login=2&amp;r=1.2">Read
<a href="https://cvs.php.net/co.php/phpweb/Attic/release-3.0.txt?sa=1&amp;login=2&amp;r=1.2">Read
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

cvs.php.net is no longer abailable (for years?)

urlhowto.php
<a href="http://bugs.php.net/">http://bugs.php.net/</a>.
<a href="https://bugs.php.net/">http://bugs.php.net/</a>.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should point to issues, but likely more of that stuff can be removed, because the mirror program has been retired some years ago.

@samdark
Copy link
Contributor

samdark commented Oct 17, 2022

#287

@localheinz localheinz force-pushed the fix/protocol branch 3 times, most recently from 073628f to ea5f4e8 Compare December 5, 2023 12:20
@localheinz localheinz marked this pull request as draft December 5, 2023 12:21
@localheinz localheinz marked this pull request as ready for review December 5, 2023 12:25
@derickr
Copy link
Member

derickr commented Dec 7, 2023

As far as I can see, php.net sites such as {pecl|pear|windows|gtk|conf|qa|bugs|news|wiki}.php.net use the same HTTPS certificate with CN *.php.net, so I assume they are safe to use with HTTPS without a doubt because any issues with this certificate will alert pretty much everyone.

That is no longer true.

@localheinz localheinz closed this Feb 12, 2024
@localheinz localheinz deleted the fix/protocol branch February 12, 2024 16:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cmb69 cmb69 cmb69 left review comments

Assignees
No one assigned
Labels
Waiting on Author
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@localheinz @Ayesh @samdark @derickr @cmb69 @saundefined