| That's good to hear |
| [quote=Plutia message=47477170] begija said: Seems they didn't implement it along with HSTS though.. :3 Probably better to make sure it works properly before implementing that, as undoing the caching is not an easy thing. You know how MAL always seems to have bugs on new stuff. |
| Developer, sysadmin, and anime addict. Have an Android smartphone? Try Atarashii! |
Xinil said: Finally, if you are using any custom userscripts with a browser add-on like TamperMonkey, you may find that your URLs need to be updated to HTTPS. Thank you for telling that, actually really informative since I was really confused as to why some of my userscripts stopped working. |
 |
Xinil said: Also, in order to allow our 3rd party developers ample time to update their applications, we’ve decided to allow our API to support both HTTP and HTTPS for about 3 weeks. Please update your application(s) as soon as possible. By mid-September, the API endpoints will only use HTTPS. That's great, I was about to miss this, but it seems I have still time to update my third party client/app. By the way, a little OT: any plans about giving a "refresh" to the API too? It's really old, somewhat broken in some cases, etc. I hope there'll be news on that front too. |
| I developed a MyAnimeList App for Windows 10! Check it out if you're interested. :) |
TommasoScalici said: That's great, I was about to miss this, but it seems I have still time to update my third party client/app. Part of that is due to having to parse HTML to get data from MAL. With the change, the URLs inside the pages changed. Also, if the parser is detecting redirects (for certain reasons), then the http to https redirect breaks that. TommasoScalici said: By the way, a little OT: any plans about giving a "refresh" to the API too? It's really old, somewhat broken in some cases, etc. I hope there'll be news on that front too. Same. The official API is a joke. I've offered many times for MAL to use the API I help develop as an officially supported tool. It's quite full-featured too. |
| Developer, sysadmin, and anime addict. Have an Android smartphone? Try Atarashii! |
| Great! |
┛|[ LAFWAN ]|┗  |
| Ayyy http op. Nice update mal , I've been waiting for this |
 |
| You should submit the website to HTTPSEverywhere now. |
| "When I grow up I want to be a housewife!" - Misaki Kamiigusa (Sakurasou no Pet na Kanojo) "I hope one day, you'll be reunited with the person you cherish." - Isla (Plastic Memories) |
| Awesome to see security getting in place! Those external images are going to be a pain to deal with though. |
Also, in order to allow our 3rd party developers ample time to update their applications, we’ve decided to allow our API to support both HTTP and HTTPS for about 3 weeks. Please update your application(s) as soon as possible. By mid-September, the API endpoints will only use HTTPS. Contrary to the above, http://myanimelist.net/malappinfo.php?status=all&type=anime&u=lordhighcaptain redirects to https.This breaks my site since mono does not have any root certificates installed by default. |
| +1 for more security! :D |
"A half moon, it has a dark half and a bright half, just like me…", Yuno Gasai |
LordHighCaptain said: Contrary to the above, http://myanimelist.net/malappinfo.php?status=all&type=anime&u=lordhighcaptain redirects to https. I believe malappinfo.php was deprecated in 2009 with a replacement "soon". Not surprised that it would be overlooked (or that MAL would find some way to cause issues). LordHighCaptain said: This breaks my site since mono does not have any root certificates installed by default. I expected that it would default to the system trust, but you're right. It doesn't have anything in the default trust. It does look like Mono v3 and above has a sync tool, and the docs claim it runs when Mono is installed. If you need a source though, the cURL site has a nice CA bundle you can import at https://curl.haxx.se/ca/cacert.pem. It's converted from the default Mozilla trusted roots. BTW, my public offer of API assistance to MAL still stands. I'd be happy to provide code and help to get a proper API running so we don't have a bunch of third-party solutions breaking in wild ways. |
| Developer, sysadmin, and anime addict. Have an Android smartphone? Try Atarashii! |
| if this is why my list is broken, kms |
 Freddy Nicholas said: have control, be yourself, god is dead |
| Update August 25 Trouble logging in? / Getting 400 errors? Please whitelist myanimelist.cdn-dena.com in your script blockers. This is not a 3rd party website (MAL is owned by DeNA). @Canadian-OhTaKu CSS import problems for anime/manga list designs? Please host your CSS file(s) on a website which supports HTTPS (e.g. Dropbox). Unfortunately, it is not possible for us to enable HTTP imports on anime/manga lists. Why doesn't the "secured" symbol appear on profile/forum pages? This is due to mixed content on the pages (images in the About Me / posts which are from non-HTTPS sources). We decided it would be unnecessarily restrictive to require all images embedded by users to come from HTTPS sources. |
KinetaAug 25, 2016 3:19 AM
motoko said: TommasoScalici said: By the way, a little OT: any plans about giving a "refresh" to the API too? It's really old, somewhat broken in some cases, etc. I hope there'll be news on that front too. Same. The official API is a joke. I've offered many times for MAL to use the API I help develop as an officially supported tool. It's quite full-featured too. I'd love to at least get an update on that. Anything that comes from MAL. Even if it is "You are never getting a new API". We've been waiting since last year (Xinil told in his reddit AMA the new API would come by the end of 2015) and I haven't seen any word on that topic since. |
LordHighCaptain said: As stated somewhere else in this thread, this in an older version of the API. It now supports HTTP as well. Thank you for letting us know.Contrary to the above, http://myanimelist.net/malappinfo.php?status=all&type=anime&u=lordhighcaptain redirects to https. Malarkey said: Your list doesn't seem to be broken to me. Are you still having issues?if this is why my list is broken, kms Hshr said: nice, can your next project be making a fully featured RESTful API please? TommasoScalici said: By the way, a little OT: any plans about giving a "refresh" to the API too? It's really old, somewhat broken in some cases, etc. IATGOF said: We would really like to have the API overhauled and are fully aware there are many problems with it. Unfortunately, this is not something we can prioritise immediately, as we are still trying to improve site/mobile performance and functionality after years of neglect from our previous owners. This not only includes the new features you've seen; the backend of the site is still being reworked. Please understand that the site needs to be closer to fully functioning before we can focus on the API.I'd love to at least get an update on that. I've heard from many developers how painful our API is and I know many applications need to scrape data from the site to get all the information they require. Your frustration is warranted and fully understood. It's not that we aren't thrilled by all the apps users have written to work with MAL, or that we aren't sympathetic of your annoyance. There is just so much that needs to be done still, we need to prioritise other things if we want the site to continue receiving consistent, dedicated development. motoko said: Thank you for your offer, motoko. When we are able to prioritise an API overhaul, we will definitely get in contact with you and other 3rd party developers for input and feedback.BTW, my public offer of API assistance to MAL still stands. I'd be happy to provide code and help to get a proper API running so we don't have a bunch of third-party solutions breaking in wild ways. Speaking of which, I should probably start collecting a new list of developers. My old list is a bit outdated... 3rd party application developers, please add your information here to receive updates/information from us, when relevant. |
| 3rd party application developers, please add your information here to receive updates/information from us, when relevant.[/quote] Thanks for the answer and the added informations, I'll follow up to receive the latest news on the topic. motoko said: I'd be happy to provide code and help to get a proper API running so we don't have a bunch of third-party solutions breaking in wild ways. Also, I strongly agree with this and I'm available too to eventually share some code or give help for the API. When speaking of API, standardization is important to avoid multiple ways to access the same resources or doing the same things and create a mess. |
| I developed a MyAnimeList App for Windows 10! Check it out if you're interested. :) |
Kineta said: Please understand that the site needs to be closer to fully functioning before we can focus on the API. I can absolutely understand that. All I'm asking is more transparency on what is the current priority on the API, and a rough estimate on when we might get an update so we can plan accordingly. I've been waiting for the API to get updated to make a big overhaul of iMAL (which is very outdated currently) but now that I know it's not coming anytime soon I'll go ahead and switch to the unofficial API for now. |
| The next big step should be having a fully functional mobile app |
 |
| Thanks MAL!! I appreciate the effort for security purposes. I noticed that my anime and manga lists were a bit altered recently (last few days). I had buttons that were non functional and some fonts were unusual. I went to the announcement page and found this topic. I read about SSL changes and went into my lists and just added an "s" to my main host. All nice again with just a single "s"......good stuff. |
 |
motoko said: LordHighCaptain said: Contrary to the above, http://myanimelist.net/malappinfo.php?status=all&type=anime&u=lordhighcaptain redirects to https. I believe malappinfo.php was deprecated in 2009 with a replacement "soon". Not surprised that it would be overlooked (or that MAL would find some way to cause issues). LordHighCaptain said: This breaks my site since mono does not have any root certificates installed by default. I expected that it would default to the system trust, but you're right. It doesn't have anything in the default trust. It does look like Mono v3 and above has a sync tool, and the docs claim it runs when Mono is installed. If you need a source though, the cURL site has a nice CA bundle you can import at https://curl.haxx.se/ca/cacert.pem. It's converted from the default Mozilla trusted roots. Unfortunately I was on mono 3.2.8 and cert-sync isn't until 3.12. mozroots, the old certificate import tool, doesn't work anymore due to some change on Mozilla's end. You can pass it a file that contains certificates, but no file I tried would work, including your link. I ended up upgrading to the latest mono from the Xamarin repo instead of using the Debian repo and getting the root certs installed that way. @Kineta / @Xinil: Will the http->https redirects remain indefinitely? I assume so, so that links across the web aren't broken, but just checking if there's any rush to update my app's requests and links to https or if I can just let the redirects happen for a while. |
| Nice. And it only took you about a year to implement something that could have been done within 10 minutes! |
| Check you're signature make sure you're images and gif have a https link. |
  |
Catalyze said: Thanks MAL!! I appreciate the effort for security purposes. I noticed that my anime and manga lists were a bit altered recently (last few days). I had buttons that were non functional and some fonts were unusual. I went to the announcement page and found this topic. I read about SSL changes and went into my lists and just added an "s" to my main host. All nice again with just a single "s"......good stuff. change http://i.imgur.com/OCmi51I.png to https://i.imgur.com/OCmi51I.png in you're signature. |
| |
Serieskiller said: Nice. And it only took you about a year to implement something that could have been done within 10 minutes! Well, they have the CDN, which probably needed some planning. So, maybe more like a week, or a month if we want to be generous. |
| Developer, sysadmin, and anime addict. Have an Android smartphone? Try Atarashii! |
| Thanks! That's good news! |
 |
| I just found out, good job MAL! |
| Finally! Good job! |
 |
| Hallelujah, praise the Lord! :) |
| "The future is always blank. Only your willpower can leave footsteps there." "Ruling over death means ruling over life. Death is the climax of life. To have the best death, you must honor life." |
Kineta said: I was using the old list design before but have now switched overMalarkey said: Your list doesn't seem to be broken to me. Are you still having issues?if this is why my list is broken, kms I didnt have the css stored (I was using the translucent one deividas made) but I think Ill just stick with the new design for now |
Freddy Nicholas said: have control, be yourself, god is dead |
| Awwww yeahhh :D Xinil said: Why doesn't the "secured" symbol appear on profile/forum pages? This is due to mixed content on the pages (images in the About Me / posts which are from non-HTTPS sources). We decided it would be unnecessarily restrictive to require all images embedded by users to come from HTTPS sources. I don't think it's unnecessarily restrictive, given that there are quite a few image hosting services that serve their images over HTTPS (Imgur is one that comes to mind). And really, if your goal is to make browsing more secure on MAL, not having mixed content should be a given (even with the minor inconvenience of finding an SSL image hoster). |
More topics from this board
» [Challenge] You Should Read This Manga 2024 ( 1 2 3 4 5 )Kineta - Feb 23 |
205 |
by stobagen
»»
1 hour ago |
|
» Try MAL's New Mobile Site! ( 1 2 3 4 5 ... Last Page )Xinil - Feb 15, 2015 |
422 |
by Hayukoo
»»
Today, 8:30 AM |
|
» Planned 5hr Maintenance, Thursday April 25 @ 1am-6am PTKineta - Yesterday |
0 |
by Kineta
»»
Yesterday, 8:10 PM |
|
» New Site Update: Peak Anime 🗻 ( 1 2 3 4 5 )Kineta - Mar 31 |
213 |
by Lancelot73
»»
Apr 21, 4:28 AM |
|
» Heavenly Easter Delusion: Devil and Dolce ( 1 2 3 4 5 ... Last Page )Kineta - Mar 27 |
3332 |
by Terra_strong
»»
Apr 17, 8:26 PM |