Hybrid View

  1. #1
    Sencha User
    Join Date
    Feb 2012
    Posts
    4
    Vote Rating
    0
    Neck is on a distinguished road

      0  

    Default Answered: Availability of SSL (https)

    Answered: Availability of SSL (https)


    I've posted in an existing thread (http://www.sencha.com/forum/showthre...cha.IO-and-SSL) but later realised it probably wasn't the right section. So here is my question:

    Does src.sencha.io support SSL (https)? If not (which I think is the case at the moment), is it a planned feature and under which conditions?

    Sorry if this has been asked before, I was unable to find any information on this topic. Or to be more precise I found an advice to use https://tinysrc.appspot.com, but this now redirect to sencha (without SSL).

  2. This is a compelling use case. We'll consider it in our product planning.

    The Sencha.io Src service is currently a free service (for reasonable usage).

    John

  3. #2
    Sencha User
    Join Date
    Apr 2010
    Posts
    107
    Answers
    30
    Vote Rating
    -1
    merrells is an unknown quantity at this point

      0  

    Default


    Hello,

    There's no plan to implement https for src.

    What's your use case?

    John

  4. #3
    Sencha User
    Join Date
    Feb 2012
    Posts
    4
    Vote Rating
    0
    Neck is on a distinguished road

      0  

    Default


    Hello John,

    Thanks for the quick reply. My use case is, I believe, pretty common: my website is partially served over SSL. The main reason to do so is the increased user privacy, which is especially important for mobile-aimed website. More on this topic: Coding Horror: Should All Web Traffic Be Encrypted?

    The issue with src is that, since https is not supported, including it within a https-enabled website will result in a mixed connections warning (your connection to this site is only partially encrypted pop-up, etc depending on browser).

    From a technical point of view this is not an issue: who cares if images are viewed by a third party, if it was holding sensitive information it shouldn't pass through src in the first place.

    However from a end-user point of view this is a huge problem: such warnings look shady and unprofessional. Worse: most browsers supply no information on what causes it, leaving the average user unable to judge whether it is a security risk or not.

  5. #4
    Sencha User
    Join Date
    Oct 2011
    Location
    Germany
    Posts
    146
    Answers
    4
    Vote Rating
    10
    Möhre will become famous soon enough

      0  

    Default


    But for sure Sencha will add SSL for Sencha.io Login and Data, so why not add SSL for src if Sencha customers would pay for it?

  6. #5
    Sencha User
    Join Date
    Apr 2010
    Posts
    107
    Answers
    30
    Vote Rating
    -1
    merrells is an unknown quantity at this point

      0  

    Default


    This is a compelling use case. We'll consider it in our product planning.

    The Sencha.io Src service is currently a free service (for reasonable usage).

    John

  7. #6
    Sencha User
    Join Date
    Feb 2012
    Posts
    4
    Vote Rating
    0
    Neck is on a distinguished road

      0  

    Default


    Thanks for the attention, always a pleasure to see developers caring about their products .

Thread Participants: 2

Tags for this Thread