We're doomed!

cant you all get it right the first time this is a waste of time for us that pay for this game

cant you all get it right the first time this is a waste of time for us that pay for this game

 

What?

 

This refers to the web site.. NOT the actual game. Besides.. he said while there may be some slowness as they are working on the site... it remains available. Web site is no mission critical, particularly not for you.

Edited July 18, 2018 by Andryah

Man please hurry up, I wanted to buy cartel coins today, but the website does not work.

Home page is borked but I still found the Community link. Lucky for me.

Is this the reason why I see a link to the patch notes of 3.3.2 in the Launcher?

I feel more secure already...but my emotes aren't working...hmmm...

I feel more secure already...but my emotes aren't working...hmmm...

 

That's because browsers consider the site not secure. The certificate was issued to account.swtor.com, not swtor.com. May take a bit until it's updated.

Edited July 18, 2018 by Mubrak

Not the emotes! We all need Rak smilies. Is it that they don't work at all or they aren't showing up in the post/reply interface?

 

:rak_03::rak_03:

 

-eric

They show up (I can see yours), and I can see them on the side in my browser (firefox), but I can't 'click' on them at all. I can't open the [More] link either.

 

I believe Mubrak may be correct - I have the yellow triangle ! sign in the link at the top, which indicates unsecure images, which is what I assume the emotes are.

Not the emotes! We all need Rak smilies. Is it that they don't work at all or they aren't showing up in the post/reply interface?

 

:rak_03::rak_03:

 

-eric

The forums use the Yahoo API to load the YUI framework, and right now it requests the HTTP version. That's why if you open the forums as HTTPS, most JavaScripts don't work, including the smileys. (Smileys are visible, but the buttons to insert smileys don't work)

 

The following two scripts are affected:

http://yui.yahooapis.com/2.7.0/build/yahoo-dom-event/yahoo-dom-event.js?v=385

http://yui.yahooapis.com/2.7.0/build/connection/connection-min.js?v=385

 

They need to be changed to HTTPS as follows (note the changed subdomain):

https://yui-s.yahooapis.com/2.7.0/build/yahoo-dom-event/yahoo-dom-event.js?v=385

https://yui-s.yahooapis.com/2.7.0/build/connection/connection-min.js?v=385

Or alternatively, you can self-host them for fewer points of failure. I'm sure your engineers will know what to do.

 

In addition, you use a tracking script by EA, with the following URLs:

http://resources.ea.com/omniture/s_code_remote_v02.js

http://resources.ea.com/omniture/omniture_wrapper.js

Until those URLs are fixed, you'll be unable to track forum visitors on the HTTPS site, but smileys should be working. There doesn't appear to be a HTTPS version of those scripts at the moment, so you'll need to talk to the team at EA about that.

 

There are also plenty of other images and stylesheets that are still requested as HTTP, and those will need to be updated as well.

(Google Chrome is still loading them, it only requires HTTPS for JavaScript at the moment, so this is not top priority at the moment. But it doesn't really make sense to encrypt your site if all the resources are still served over HTTP.)

Edited July 18, 2018 by Jerba

The forums use the Yahoo API to load the YUI framework, and right now it requests the HTTP version. That's why if you open the forums as HTTPS, most JavaScripts don't work, including the smileys.

 

The following two scripts are affected:

http://yui.yahooapis.com/2.7.0/build/yahoo-dom-event/yahoo-dom-event.js?v=385

http://yui.yahooapis.com/2.7.0/build/connection/connection-min.js?v=385

 

They need to be changed to HTTPS as follows (not the changed subdomain):

https://yui-s.yahooapis.com/2.7.0/build/yahoo-dom-event/yahoo-dom-event.js?v=385

https://yui-s.yahooapis.com/2.7.0/build/connection/connection-min.js?v=385

Or alternatively, you can self-host them for fewer points of failure. I'm sure your engineers will know what to do.

 

There are also plenty of other images and stylesheets that are still requested as HTTP, and those will need to be updated as well. Google Chrome is still loading them, it only requires HTTPS for JavaScript at the moment.

But it doesn't really make sense to encrypt your site if all the resources are still served over HTTP.

I was just about to type the same thing...you just beat me to it

 

(good post, thank you!)

The forums use the Yahoo API to load the YUI framework, and right now it requests the HTTP version. That's why if you open the forums as HTTPS, most JavaScripts don't work, including the smileys. (Smileys are visible, but the buttons to insert smileys don't work)

 

The following two scripts are affected:

http://yui.yahooapis.com/2.7.0/build/yahoo-dom-event/yahoo-dom-event.js?v=385

http://yui.yahooapis.com/2.7.0/build/connection/connection-min.js?v=385

 

They need to be changed to HTTPS as follows (note the changed subdomain):

https://yui-s.yahooapis.com/2.7.0/build/yahoo-dom-event/yahoo-dom-event.js?v=385

https://yui-s.yahooapis.com/2.7.0/build/connection/connection-min.js?v=385

Or alternatively, you can self-host them for fewer points of failure. I'm sure your engineers will know what to do.

 

In addition, you use a tracking script by EA, with the following URLs:

http://resources.ea.com/omniture/s_code_remote_v02.js

http://resources.ea.com/omniture/omniture_wrapper.js

Until those URLs are fixed, you'll be unable to track forum visitors on the HTTPS site, but smileys should be working. There doesn't appear to be a HTTPS version of those scripts at the moment, so you'll need to talk to the team at EA about that.

 

There are also plenty of other images and stylesheets that are still requested as HTTP, and those will need to be updated as well.

(Google Chrome is still loading them, it only requires HTTPS for JavaScript at the moment, so this is not top priority at the moment. But it doesn't really make sense to encrypt your site if all the resources are still served over HTTP.)

 

^^ well stated.

 

I honestly do not understand why players have to explain this to the studio. Their web team (which is probably poached resources from somewhere else in EA) should know this sort of thing and make sure it does not even happen. We had a similar issue a few months back... so they did not learn anything I guess.

 

On the other hand... if it was the "PvP dev guy" that got tasked to do the site work as a "side job"... I guess I can see why it fell all over the floor again... because it is not his core competency.

Edited July 19, 2018 by Andryah

^^ well stated.

 

I honestly do not understand why players have to explain this to the studio. Their web team (which is probably poached resources from somewhere else in EA) should know this sort of thing and make sure it does not even happen. We had a similar issue a few months back... so they did not learn anything I guess.

 

On the other hand... if it was the "PvP dev guy" that got tasked to do the site work as a "side job"... I guess I can see why it fell all over the floor again... because it is not his core competency.

I wouldn't judge them too harshly. Obviously, they don't intend everyone to be using the HTTPS version right now; they just installed the certificates and will now spend the next few weeks/months figuring out all the pages where there are still some HTTP resources being referenced.

 

Considering that the website was outsourced or the people are no longer working at BioWare, it makes sense for the new people to do a gradual transition until they have fixed all the errors. That's also why they don't redirect to HTTPS yet.

 

I do have to applaud BioWare for switching their website to HTTPS. I never expected that from a gaming company, so it's great to see them doing that.

On the other hand, I do have to wonder what happened to MMO security. 5-10 years ago, MMOs had state-of-the-art security. For example, having to use a keyfob/security token to login was pretty much unheard of back then. And also, MMOs were the first games to fully encrypt their network traffic.

But I guess that with a bean-counting company like EA, security is not a high priority, and I can understand why they won't hire the best people for working on the website, the core business is after all the game and not the website. So there's no need to judge them as harshly as you do.

Edited July 19, 2018 by Jerba

^^ well stated.

 

I honestly do not understand why players have to explain this to the studio. Their web team (which is probably poached resources from somewhere else in EA) should know this sort of thing and make sure it does not even happen. We had a similar issue a few months back... so they did not learn anything I guess.

 

On the other hand... if it was the "PvP dev guy" that got tasked to do the site work as a "side job"... I guess I can see why it fell all over the floor again... because it is not his core competency.

 

To be fair, Chrome announced it will start labeling http sites as "not secure" this month with its new release. This caused a bit of a frenzy not just over the browser, but how that would affect SEO since Google downgrades "unsecure" sites (this isn't fully admitted but it's a widely held assumption). While I agree that moving to an encrypted site should have happened long ago (it's super easy to migrate these days - it used to be a pain), I can understand why the focus for now would have just been on the top-level domain, with more to follow later...

I couldn't click on the smilies or on any of the text formatting options for a good year now. Neither on Firefox nor on Waterfox nor on Edge, all updated to the latest versions and Edge without any addons or plugins. Was hoping that it would work now, but no. Still the same. Luckily, I'm able to write the code manually with the