<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On 29 December 2014 at 07:26, Markus Sabadello <span dir="ltr"><<a href="mailto:markus@projectdanube.org" target="_blank">markus@projectdanube.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<div>Another thing Sunil and I talked about
yesterday is <a href="https://letsencrypt.org/" target="_blank">https://letsencrypt.org/</a><br>
<br>
If we add that to fbx, all our SSL problems should go away, right?<br></div></div></blockquote><div><br></div><div>Let's hope so!<br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div text="#000000" bgcolor="#FFFFFF"><div>
No matter if we use subdomains or not..<span class="HOEnZb"><font color="#888888"><br></font></span></div></div></blockquote><div><br></div><div>You still have to deal with Same Origin Policy which applies to a bunch of stuff other than mixed content. For example, localStorage, web crypto API, perhaps more.<br><br></div><div>I like the sub domain pattern a lot, perhaps we should make a list of the trade offs.<br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div text="#000000" bgcolor="#FFFFFF"><div><span class="HOEnZb"><font color="#888888">
<br>
Markus</font></span><div><div class="h5"><br>
<br>
On 12/29/2014 01:17 AM, Ingo Stock wrote:<br>
</div></div></div>
<blockquote type="cite"><div><div class="h5">
<pre>Hi,
on 28/12/14 22:45, Markus Sabadello wrote:
</pre>
<blockquote type="cite">
<pre>One pattern I have been experimenting with is creating subdomains for
each new application which has a web interface.
I think this is more reliable than using folders, since some
applications may assume they are installed at the root /.
</pre>
</blockquote>
<pre>The problem with subdomains used together with self assigned
ssl-certificates is, that the browser will request the user to add a
security exception for every subdomain, even with a wildcard
certificate. This behavior is completely on the client side. Else the
user would have to install her personal CA in the browser.
Using directories is indeed less reliable, but possibly the better way
in regard to user experience. For software assuming to run in the root
directory, the code has to be rewritten on-the-fly by the webserver,
which is quite dirty.
atb, ingo
</pre>
<br>
<fieldset></fieldset>
<br>
</div></div><span class=""><pre>_______________________________________________
Freedombox-discuss mailing list
<a href="mailto:Freedombox-discuss@lists.alioth.debian.org" target="_blank">Freedombox-discuss@lists.alioth.debian.org</a>
<a href="http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss" target="_blank">http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss</a></pre>
</span></blockquote>
<br>
</div>
<br>_______________________________________________<br>
Freedombox-discuss mailing list<br>
<a href="mailto:Freedombox-discuss@lists.alioth.debian.org">Freedombox-discuss@lists.alioth.debian.org</a><br>
<a href="http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss" target="_blank">http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss</a><br></blockquote></div><br></div></div>