A member alerted us on the following bug:
When clicking "FB Like", the number increases on the site, but when you go on FB, it will display the following:
"Francois likes https://example.com/page/to/like on example.com."

the areas seem very confusing to me - especially that they are entered independently of the mandatory suburb and postcode

do these area make sense and could we just determine them from the suburb?

Static assets are currently being served from Heroku, over SSL.

This will be very, very slow, and require an inordinate number of workers. Heroku SSL is slow.

Suggest S3, Cloudfront or even better, an Australian CDN. Remember SSL must be supported.

All the email triggers sent from http://qldfloods-preproduction.heroku.com/ currently have links to http://floodhousing.heroku.com/.

Any HTTP requests to the app, or any requests to the many additional domains which point to the app, must redirect to https://www.ozfloodhelp.org/

The production branch should have a new secret. Otherwise someone can just look at the public repo and access people's accommodation pages, smash cookies, and be a dick.

IE shows "display blocked content" , chrome says that page contains insecure content etc

put them down the bottom since they slow down loading of page?

In the offer accommodation page, we've written that Australia is still undergoing flooding.

New verbiage!

either by remembering what they enter or by implementing a tick box system where they can select multiple hosts and send 1 email

http://qldfloods-preproduction.heroku.com/accommodations/9/edit

The availability listing is styled all over the page, making it unusable.

e.g. If you forget to click the terms and conditions check box and then submit, you are taken to the top of the page and its not obvious something is wrong.

curl rejects the certificate

ie 6, 7 and 8 display errors related to '*.heroku" certificate

firefox rejects the CA certificate

chrome and safari seem fine

in IE 6/7/8 - if i go to ozfloodhelp.org or ozfloodhelp.org.au - site shows a certificate error, saying the address on the certificate does not match the site. certificate common name is *.heroku.com

in Firefox, if i go to ozfloodhelp.org, the certificate is fine (common name is www.ozfloodhelp.org)
but if i go to ozfloodhelp.org.au , I get certificate error and see that heroku.com cert

A member (Brian Kelly [email protected]) has alerted us on the following:

The 'Post my offer on the website please' link returns the message 'HTTP 406 Not Acceptable

Should include items for offering assistance and searching for assistance so they appear as immediate actions on search engines.

Twitter share link includes mixed-mode assets when under HTTPS.

This causes all kinds of security warnings, which is exactly what we don't want.

This bug should probably be split up for each page, with descriptions of what their titles should be.

I'll go through the site first thing in the morning and write down any final text changes we need to make before going live; will put in a word doc and upload to campfire. Is someone able to go through and make them? Thanks!

Users should have to confirm their email address in order to list their accommodation on the site.

Otherwise we risk all kinds of nasty, as explained by Scott H in the following chat transcript:

Rob H. Scott Robinson: And it's necessary for unspamminess?
Scott R. Otherwise, you'll get listed in five seconds.
Rob H. i mean it's a good idea, no doubt
oh right
Scott R. @rob As in, if we get any traction
Rob H. by spambots
Alex C. Without double opt in, we can go live and fix it as a first incremental change.
Scott R. then rbls and spam bots and everyone else will check our site
Alex: No.
Alex: What happens is if you get traction
Alex: Which is to say, even a thousand e-mails to a few large domains
Alex: Then your site will be checked.
Alex: And if you aren't already COI, then you will be listed.
And it's fucking hard to get unlisted.
And it takes from days to weeks.

snip

Group consensus ensued.

Perhaps, "Post Listing" or something?

Email links must point to the correct HTTPS address on the site.

Otherwise they will NOT work once the secure redirect is in place.

NB: you will probably not be able to reproduce this on staging.