Web browser security and TLS changes

Christina Cone $organization over 10 years ago

Hello.

In response to the changes made regarding early TLS in February, has anyone added a browser detection/update warning on their website to encourage patrons to upgrade if needed? Or taken some other kind of approach?

I've been looking at code here: http://browser-update.org/. But I don't really know if this is a trust-worthy source...Comments or suggestions welcome!

Thanks,

Christina Cone
Berkeley Repertory Theatre

Parents

Christopher Sherwood $organization over 10 years ago

For FTC's website I added a banner that gets removed via a script hosted by our TNEW site. Easy enough to load it over HTTPS. The banner has a link to Qualys' browser page.

I had also played with the idea of using a CSS property from a staticfile hosted on our TNEW site but just landed on implementing the script as a stop gap before doing that.

Looking quickly you could link to https://tickets.berkeleyrep.org/_script/fullcalendar/fullcalendar.css and place a banner with the class fc-state-disabled on your site easy enough.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Cancel
Christina Cone $organization over 9 years ago in reply to Christopher Sherwood

Hi, Christopher.

Thanks for your reply, and please excuse my delayed reply. Would you be willing to share the script you use for FTC with me?

Thanks,
Christina (ccone@berkeleyrep.org)
Cancel
Vote Up 0 Vote Down

Sign in to reply

Cancel

Reply

Christina Cone $organization over 9 years ago in reply to Christopher Sherwood

Hi, Christopher.

Thanks for your reply, and please excuse my delayed reply. Would you be willing to share the script you use for FTC with me?

Thanks,
Christina (ccone@berkeleyrep.org)
Cancel
Vote Up 0 Vote Down

Sign in to reply

Cancel

Children

Christopher Sherwood $organization over 9 years ago in reply to Christina Cone

The script relies on a file hosted on our TNEW site and is really hackish.

here is something similar for Berkley Rep's site (wrote this in pure JS because the BR site doesn't load jQuery correctly over HTTPS)

This should work (again it's a bit hackish and only wait's 1s for a response from the TNEW site):

var head = document.head,

link = document.createElement('link');

window.TLSChecked = false;

window.TLSCheck = function(){

if(window.TLSChecked) return false;

var element = document.createElement('div')

body = document.body;

element.style = "width:100%; height:1em; padding:1em; font-size:24px;background:red;text-align:center;";

element.id = "TLS-Check";

element.innerHTML="BROWSER DOESN'T SUPPORT TLS OR TNEW IS DOWN";

document.body.insertBefore(element,document.body.childNodes[0]);

}

link.type = 'text/css';

link.rel = 'stylesheet';

link.href = 'https://tickets.berkeleyrep.org/_script/fullcalendar/fullcalendar.css';

link.onload = function(){window.TLSChecked = true};

window.setTimeout("TLSCheck()",1000);

head.appendChild(link);

To test failure just put in an incorrect URL:

var head = document.head,

link = document.createElement('link');

window.TLSChecked = false;

window.TLSCheck = function(){

if(window.TLSChecked) return false;

var element = document.createElement('div')

body = document.body;

element.style = "width:100%; height:1em; padding:1em; font-size:24px;background:red;text-align:center;";

element.id = "TLS-Check";

element.innerHTML="BROWSER DOESN'T SUPPORT TLS OR TNEW IS DOWN";

document.body.insertBefore(element,document.body.childNodes[0]);

}

link.type = 'text/css';

link.rel = 'stylesheet';

link.href = 'THIS WILL FAIL';

link.onload = function(){window.TLSChecked = true};

window.setTimeout("TLSCheck()",1000);

head.appendChild(link);

[edited by: Christopher Sherwood at 4:19 PM (GMT -6) on 6 Jun 2016]
Cancel
Vote Up 0 Vote Down

Sign in to reply

Cancel