Chrome 44 cgi.https value changed from "on" for SSL traffic to "1" for all traffic

Weird issue, used to use a few cgi.https comparison with "on" as per https://msdn.microsoft.com/en-us/library/ms524602(v=vs.90).aspx which indicates it would be populated with on or off in IIS.

In Chrome 43 this used to return the value on for https and off for http, in chrome 44 the value has change to 1 for all traffic (https and http), nothing in the release notes from what I can see at https://chromium.googlesource.com/chromium/src/+log/43.0.2357.134..44.0.2403.89?pretty=fuller&n=10000


Update: Google acknowledge the issue and fixed it see http://src.chromium.org/viewvc/blink?view=revision&revision=199090

The "number" of websites the release broke is funny, as I would think it is "a lot", WooCommerce apparently was broken, as was any PHP or ColdFusion code using the cgi.https comparison.

Just as an FYI, I'm not sure what php.net did to their website in response, but their main google SERP says https://www.php.net which is unreachable with a base href of https but now that seems to be changed to https://secure.php.net


The issue occurred from Chrome Version 44.0.2403.89 on 21/Jul/2015 to approx. 44.0.2403.107 on 24/July /2015 when the header was renamed to "Upgrade-Insecure-Requests"

Another life long hack required for backward compatible websites, thanks.

Comments

Post a Comment

Popular posts from this blog

Global SQL Procedure, System Objects and sp_ms_marksystemobject

You may come across a need to have a database of utils full of generic procedures which work on indvidual databases (say client databases). You can't pass the database name into the procedure as a parameter and say "use @dbname" in the procedure and dynamic sql sucks. One workaround is to create the procedure in the master database and then mark it as a system object. eg use [master] create procedure sp_doThis // note the sp_ prefix is required begin // etc etc end go exec sp_ms_marksystemobject 'sp_doThis' // second note, this procedure is undocumented, so I wouldn't be relying on this for life or death. use [myotherdb] exec sp_doThis go All done!
Read more

cf_sql_timestamp vs cf_sql_date vs getdate()

If there's one thing I don't like it is people confusing a date with a timestamp, and how a lazy bit of development can ruin a load of data. Here is a simple query inserting data to a timestamp I found in a system where all the created dates were truncated because of the incorrect syntax. Bad one which was in use: insert into testdate values (<cfqueryparam cfsqltype="cf_sql_date" value="#createodbcdatetime(now())#">); Result :  2015-09-29 00:00:00.000 Best One (easiest to read) insert into testdate values(getdate() ); Result : 2015-09-29 10:10:09.880 Not great (no binding) insert into testdate values(#createodbcdatetime(now())#); Result :  2015-09-29 10:14:44.000 What the bad one should have been insert into testdate values(<cfqueryparam cfsqltype=" cf_sql_timestamp " value="#createodbcdatetime(now())#">)
Read more

Lucee 4.5.2 cfpdfparam difference with Adobe ColdFusion

Suppose the following on Lucee 4.5.2: <cfset x = 1> <cfdocument format="pdf" pagetype="A4" name="myVar#x#"> <cfdocumentsection> Hi there </cfdocumentsection> </cfdocument> <cfpdf action="merge" destination="RAM:///myPDF.pdf" overwrite="yes">     <cfpdfparam source="#evaluate("myVar#x#")#" /> </cfpdf> <cfcontent file="RAM:///myPDF.pdf" type="application/pdf"> then to check it also runs on Adobe Cf; you'd actually end up with: "ByteArray objects cannot be converted to strings."   The original code for Adobe CF ran with the paramater like so:  <cfpdfparam source="myVar#x#" /> Both sets of documentation list source defined as follows: "Source PDF file to merge. You can specify a PDF variable, a cfdocument variable, or the pathname to a file." This would indicate it is just...
Read more