RS Companion web browser
Quick find code: 278-279-325-65980875
It's just loaded in an iframe on the page you load.
Can I turn in a paper without citing all sources?
"No." ~ William Shakespeare, Hamlet, Act III, Scene 1, line 96.
I've attached a screenshot showing that Firefox does not care that the iframe on the page references an https page:
Since the Companion Web App runs in a frame-based environment anyway, we're talking about securing a single page hosting the iframe. Then again, if later interfaces in the frame aren't secured, we could run into a "Mixed Active Content" scenario with http iframes embedded into an https page. The current login form is being encrypted within the iframe, but we've lost the ability to confirm the secured connection with authentication from the SSL certificate on the server.
The best fix would be to use the already existing login system used on the rest of the site and allow it to hand off the session credentials to the Companion Web App, which means it would pretty much work like the rest of the site in that respect. Not to mention the peace of mind for the end-users.
Granted, this isn't a serious issue, but one the web development team could consider down the road at some point.
16-Jan-2018 05:38:28 - Last edited on 16-Jan-2018 05:41:48 by Spearmint30
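The two framing cases described in the post above, as an added example that is not part of the original thread: a small Python audit that lists a page's frames and labels each parent/frame scheme combination. The hostnames, sample markup and verdict labels are constructed for illustration and do not reflect the real site.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class _FrameCollector(HTMLParser):
    """Collects the src attribute of every <iframe>/<frame> tag."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag in ("iframe", "frame"):
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src)


def classify(parent_scheme, frame_scheme):
    """Label one parent/frame scheme pair (labels are this example's own)."""
    if parent_scheme == "http" and frame_scheme == "https":
        # Frame traffic is encrypted, but the address bar shows the HTTP parent,
        # so the user cannot confirm the certificate of the framed login form.
        return "unverifiable-frame"
    if parent_scheme == "https" and frame_scheme == "http":
        # The "Mixed Active Content" case: HTTP frame inside an HTTPS page.
        return "mixed-active-content"
    if parent_scheme == "https" and frame_scheme == "https":
        return "ok"
    return "plaintext"


def audit_frames(page_url, html):
    """Return (absolute_frame_url, verdict) for each frame found in html."""
    collector = _FrameCollector()
    collector.feed(html)
    parent_scheme = urlsplit(page_url).scheme
    findings = []
    for src in collector.sources:
        absolute = urljoin(page_url, src)  # resolves relative and //host forms
        findings.append((absolute, classify(parent_scheme, urlsplit(absolute).scheme)))
    return findings


# Constructed sample markup; example.test hosts are placeholders.
SAMPLE_PAGE = """
<iframe src="https://login.example.test/app"></iframe>
<iframe src="//cdn.example.test/widget"></iframe>
<iframe src="http://legacy.example.test/chat"></iframe>
"""
```

Calling `audit_frames` once with an `http://` page URL and once with an `https://` one shows how the same markup moves between the two cases.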
As has been mentioned, all of the login pages on all of our sites use HTTPS. Converting those pages to HTTPS/HTTP2 is a goal we have in mind, although we have to prioritise other tasks at the moment.
As for the companion app itself, as has already been announced, due to mobile this service will shortly be ending, and thus we are not going to be spending time on updating any of its services unless there is something significant enough that it requires urgent work.
Understandable. The features within the browser version of the companion are fine, just the page doesn't look "legitimate" I guess when compared to other parts of the site. I know you guys don't plan on really adding anything new to it, but it may be worth just adding the URL under the companion app section of the site? I think currently it just links to the Google or Apple stores with no real mention or link to the actual web browser version. I'm sure that would only take all of maybe 5 minutes to do. I think everyone knows how easy it is to spoof a login site, and many people look to official sites to ensure they aren't putting their credentials into a malicious site.
The app itself performs as required by Apple and the Google Play store. We've done all we can to ensure customers are safe and are sure where they are entering their data, but there's only so much we can do when adhering to Apple / Google guidelines or impacting on the user's experience.
Downloading the app tells the user it was created by 'Jagex Games Studio' to further provide confirmation of security.
17-Jan-2018 09:30:24 - Last edited on 17-Jan-2018 09:32:06 by Mod Lyon