Print Page | Close Window

20MAY2016 Illyriad is now secure connections only

Printed From: Illyriad
Category: News & Announcements
Forum Name: News & Announcements
Forum Description: Changes, patch release dates, server launch dates, downtime notifications etc.
URL: http://forum.illyriad.co.uk/forum_posts.asp?TID=6899
Printed Date: 17 Apr 2022 at 10:28
Software Version: Web Wiz Forums 12.03 - http://www.webwizforums.com


Topic: 20MAY2016 Illyriad is now secure connections only
Posted By: GM ThunderCat
Subject: 20MAY2016 Illyriad is now secure connections only
Date Posted: 20 May 2016 at 17:10
The Illyriad Game is now only available over https

Any previous links will automatically be forwarded from http to https and all in game links in game should automatically become https.

Also CDN assets: images, css, javascript etc will be served over http/2 where available.

As well as protecting your communications better this should also prevent ISPs from injecting ads, breaking javascript etc.



Replies:
Posted By: Dungshoveleux
Date Posted: 20 May 2016 at 17:38
Well, I'm using chrome on win xp and have tried to log in and now the login button on the login screen just doesn't work for me even though the url shows https and I tried password reset on one of my accounts.  Something not right somewhere? Had no problem logging on last night briefly.
Dung


Posted By: Corwin
Date Posted: 20 May 2016 at 17:51
i got exactly the same problem and also using chrome and xp


Posted By: Dungshoveleux
Date Posted: 20 May 2016 at 17:54
Either its all snafu or I've been banned!!! or I might have to buy a new pc - grrr!


Posted By: Tensmoor
Date Posted: 20 May 2016 at 17:54
Should this have affected any userscripts (ie DurcTools etc)? The userscript allows for HTTPS but none of the scripts/code is being injected.


Posted By: Dungshoveleux
Date Posted: 20 May 2016 at 17:56
GM Thundercat is probably in the pub right now - I'll check back daily.


Posted By: Tensmoor
Date Posted: 20 May 2016 at 17:59
I'm looking into trying to get the tools done as a browser extension so this won't happen in the future but that is going to take a while - never done one before.


Posted By: GM ThunderCat
Date Posted: 20 May 2016 at 17:59
Originally posted by Tensmoor Tensmoor wrote:

Should this have affected any userscripts (ie DurcTools etc)? The userscript allows for HTTPS but none of the scripts/code is being injected.
It may look like a different domain so may need to be updated


Posted By: GM ThunderCat
Date Posted: 20 May 2016 at 18:01
Originally posted by Dungshoveleux Dungshoveleux wrote:

Well, I'm using chrome on win xp and have tried to log in and now the login button on the login screen just doesn't work for me even though the url shows https and I tried password reset on one of my accounts.  Something not right somewhere? Had no problem logging on last night briefly.
Dung

Can you see this image?



Can you access this page?  https://www.illyriad.co.uk/" rel="nofollow - https://www.illyriad.co.uk/




Posted By: Corwin
Date Posted: 20 May 2016 at 18:04
no


Posted By: Tensmoor
Date Posted: 20 May 2016 at 18:18
Originally posted by GM ThunderCat GM ThunderCat wrote:

It may look like a different domain so may need to be updated


The script is enable for:

         http://*.illyriad.co.uk/*
         https://*.illyriad.co.uk/*

and it shows as running but is having no effect.  I'm going to have a go at creating a browser add-on for Firefox to see if I can access the page that way.



Posted By: Mistery
Date Posted: 20 May 2016 at 18:33
Query - Was this change due to the weird mail that was in my IGM box (server time just after 11am) but has now disappeared from my box with no intervention by myself.

I only ask as I have an awful memory but I'm pretty sure I saw the mail as I wondered who the hell it was from


-------------
http://elgea.illyriad.co.uk/a/p/47877" rel="nofollow">


Posted By: GM ThunderCat
Date Posted: 20 May 2016 at 18:42
Originally posted by Mistery Mistery wrote:

Query - Was this change due to the weird mail that was in my IGM box (server time just after 11am) but has now disappeared from my box with no intervention by myself.

I only ask as I have an awful memory but I'm pretty sure I saw the mail as I wondered who the hell it was from
Unrelated to the spam email Smile


Posted By: Dungshoveleux
Date Posted: 20 May 2016 at 18:43
For me the image isn't shown but I can access the https page.
However even if I fill out the userid and password, the login button button won't work.
Normally it "depresses" and the login script runs.
I will try from my son's chrome on win 7 and report back. Seems to work on his machine.


Posted By: Corwin
Date Posted: 20 May 2016 at 19:34
can i login with windows xp in the future, or do i need to change that before i can come back again?


Posted By: GM ThunderCat
Date Posted: 20 May 2016 at 20:09
Originally posted by Corwin Corwin wrote:

can i login with windows xp in the future, or do i need to change that before i can come back again?
We are looking into it


Posted By: Terraformer
Date Posted: 20 May 2016 at 22:09
The problem of the login button not working happened to me awhile ago. It fixed itself after almost a full day. First I was having very slow page lag, then I couldn't log in. No other sites were affected and I just waited. Sux tho if you have armies out, sieges, captures, etc. I use Windows 10 with chrome on a newer laptop.


Posted By: GM ThunderCat
Date Posted: 20 May 2016 at 22:54
Windows XP issue should now be resolved?


Posted By: Tensmoor
Date Posted: 20 May 2016 at 23:37
I've now found a userscript that works so I'm examining it for differences to mine. Hopefully that will allow me to get them back up and running without having to delve into the black art of extensions...


Posted By: Rill
Date Posted: 20 May 2016 at 23:55
The problem with the login button not working in Chrome happens intermittently for me; it's been happening for so long I just don't complain about it.  Now I automatically clear my cache and refresh my browser on that page before I even attempt to log in.


Posted By: Digioso
Date Posted: 21 May 2016 at 07:50
@Tensmoor: I'm using NoScript and NoScript now asked me to allow data from illyriad.net. Otherwise I wasn't able to see anything. So maybe you have to also check for illyriad.net .


-------------
http://www.digioso.org" rel="nofollow">


Posted By: Tensmoor
Date Posted: 21 May 2016 at 09:28
Originally posted by Digioso Digioso wrote:

@Tensmoor: I'm using NoScript and NoScript now asked me to allow data from illyriad.net. Otherwise I wasn't able to see anything. So maybe you have to also check for illyriad.net .


I gave that a try Digioso but no joy. I think the problem is that I'm loading resources from a non-https server. As I'm not willing to invest the money needed to secure both the runtime and development servers I'm currently creating a really basic browser extension for Firefox to see if I can do it that way.

Edited to change non-http to non-https


Posted By: Dungshoveleux
Date Posted: 21 May 2016 at 13:05
Update: as of now saturday 12:01 the problem seems to have been resolved.
A big thank you to GM Thundercat and any other devs involved.
I take back the bit about the pub, but on second thoughts, you guys do need to get out a bit. Existing on food like cheese slices* that can be slipped under the office door isn't healthy. 
Smile

*see Michael from the 1995 book Microserfs by Douglas Coupland.


Posted By: Diva
Date Posted: 21 May 2016 at 14:37
I don't know if this is related, but in-game medallist function sharing design by IGM is not showing to the receiver of IGM.

I will make a ticket.


-------------
"Um diva.... you are sort of acting like a .... diva...." - PhoenixFire


Posted By: Tensmoor
Date Posted: 23 May 2016 at 12:54
I've found a solution to the problem with DurcTools not running but there is one outstanding issue that I can't solve. The tools use a mix of localStorage and IndexedDB to store information for players on their own machines. Access to the information stored by both these technologies is only available when the browser that created the data is on the site that it was on when it created it. The change in the URL from http to https means that any data previously stored is no longer available. While this is not a major problem for the majority of the data it is for the  notes tool. Some players have created quite a large collection of notes that they will no longer be able to access. I've contacted GM Rikoo to see if we can come up with a method of being able to allow users to export the data and then import it into the new secure site. In the meantime I'll carry on getting the DurcTools site transfered to a secure server and back up and running.


Posted By: Digioso
Date Posted: 01 Jun 2016 at 19:10
Was there another change today morning regarding the Combat report API and HTTPS?

When you access a combat report or API key it now automatically switches to HTTPS.

If yes - would it be possible to revoke that change until Kodabears tournament has ended? It seems that his webhoster is blocking https connections and therefore only http is allowed.


-------------
http://www.digioso.org" rel="nofollow">


Posted By: GM ThunderCat
Date Posted: 01 Jun 2016 at 20:01
Its been changed since the announcement; it may be the redirect - if he changes the url to be https rather than http it should work.

It would be very strange for a webhost to block https


Posted By: Digioso
Date Posted: 01 Jun 2016 at 20:07
Thanks for the answer, TC.

We tried changing the URL to https - but no luck so far.
The problem first occured today morning at around 4am server time.
Our database update was still working at 04:03:44am and the next one around 5 minutes later didn't work anymore.

Right now I'm looking into disabling SSL verifies but so far no luck.

Edit:
Our current error:

Error GETing https://elgea.illyriad.co.uk/external/combatreportsapi/SOMEONES_API_KEY_HERE?since=2016-06-01T04:03:44: Can't connect to elgea.illyriad.co.uk:443 (Connection timed out)

Since I can run that query just fine on my PC I guess that port 443 might be blocked by the firewall.


-------------
http://www.digioso.org" rel="nofollow">


Posted By: GM Stormcrow
Date Posted: 02 Jun 2016 at 06:09
This is a strange one.

Illy's pages (including the API key calls) have been redirecting to https for nearly 2 weeks now; and we certainly haven't changed anything in the last 24-48hrs.

Can you command-line test (from the webserver) an https (port 443) GET of any old page (not necessarily an API page) on elgea and see what comes back?  And can you then try a standard HTTP (port 80) get of the same page?

Would be useful to know.  My suspicion is, I'm afraid to say, that this is nothing to do with us; and I think you need to have a convo with your hosting provider, who may have seen a large, sudden, recent spike in traffic inbound and outbound from *.illyriad.co.uk (due to your tournie) and have chosen to block the domain.

Do let us know.

SC




Posted By: kodabear
Date Posted: 02 Jun 2016 at 06:19
I am still able to get the datafiles with out any problems. I am in middle of talking to them had to open up a ticket and who knows how long that will take. I do want to point out the datafiles arent redirecting to https


Posted By: kodabear
Date Posted: 02 Jun 2016 at 07:16
it seems that anything that is elgea.illyriad.co.uk/* i am unable to access though my  web server.  I am using wget and SHH to test if i can access  or not. 


Posted By: GM Stormcrow
Date Posted: 03 Jun 2016 at 05:10
Seems like your data feeds are up-to-date now.

I guess you guys worked it all out?

Let us know if there's anything we can do to help.

Best,

SC


Posted By: Tensmoor
Date Posted: 03 Jun 2016 at 09:55
SC,
is there any way that you can make a non-https page available so users of DurcTools can retrieve any notes they had made during the time before the switch to https?

IndexedDB needs the protocol, url and browser be the same to access any information stored. If a http page with a url that begins with elgea.illyriad.co.uk can be made available I've got a script they can use to export the data to a file which they can then import into the new https version.

It would not need to be available forever, just long enough to allow people a chance to export their notes.

Tens


Posted By: kodabear
Date Posted: 03 Jun 2016 at 21:42
Originally posted by GM Stormcrow GM Stormcrow wrote:

Seems like your data feeds are up-to-date now.

I guess you guys worked it all out?

Let us know if there's anything we can do to help.

Best,

SC

 
 currently i am running the perl script off my PC. Still having problems running though my webserver. My hosting just got back to me today and they want me to provide  Screenshot of the error you are getting and Steps to replicate my issue.



Print Page | Close Window

Forum Software by Web Wiz Forums® version 12.03 - http://www.webwizforums.com
Copyright ©2001-2019 Web Wiz Ltd. - https://www.webwiz.net