Archive for August 24, 2017

HTTPS-a-palooza And What Are We Doing About It

So, you’ve heard about it by now, right? Riiight? The upcoming Chrome browser release, version 62 – slated for October 17, will give a warning when a user lands on a non-https page which contains forms. FireFox, Edge, and other modern browsers will follow suit as well, and warn users when they land on forms which are not loaded over https. Let’s go over what this actually means since there is a lot of confusion about this on the Internet.

What will the Chrome update do in October?

First, it is important to understand what this means in practical terms. Starting with this mid-October update, Chrome browsers will flag as insecure *only those pages that have forms in them but which are not loaded via https*. Pages that have no form elements will be unaffected, i.e., there will be no warning on these pages even when they are loaded over http vs. https.

While this change is a decision made by the browsers and their respective companies, not Springshare, we fully support moving to a more secure / safer communication protocol between servers and browsers. We’re proactively prepping our tools and you, our clients, to ensure a smooth transition to an all-https mode for the Springshare platform.

How does this affect your Springshare tools?

Your Springshare product sites will be affected. For example, the systems have search boxes, which are forms. Therefore, the warning will be displayed if you are not loading that site over https. If you’re using a Springshare owned domain (e.g., libguides.com, libanswers.com, etc.), you can start using https now. If you’re using a custom domain (e.g., ask.mylibrary.org, research.university.edu), you’ll need to work with your IT department to obtain an SSL certificate to load the site over https. More on domains is below.

In addition, you’ll want to check any widgets you’ve added to the systems (other vendor/site widgets, like those from subscription databases, social media sites, etc.) to see whether they are http or https, as non-https widgets will also trigger the warning. If they are not https, check with that vendor/site to see if they offer an https option. Springshare widgets/APIs are either protocol-less (meaning they’ll work on both http and https pages) or are already https. See our FAQ for more info.

v1 systems (LibGuides v1, LibAnswers v1, LibAnalytics)

The best advice we can give you is to move to v2. It’s a free update and the v2 platform is better, more secure, faster, feature rich…so there is no reason to stay on v1. If you’d like some assistance, our support team can help you figure out how to do it in the quickest way possible. We also have dedicated training sessions and step-by-step migration guides (LibGuidesLibAnswersLibAnalytics) to walk you through the entire process.

For v1 systems on libguides.com, libanswers.com, or libanalytics.com, you have some breathing room because Springshare owned domains support https by default. So, even if you do not migrate to v2 by mid-October, you will still be ok. You’ll just need to start linking to your site using https instead of http.

For v1 systems that have custom domains, you must migrate to v2 before October to avoid https issues, then follow the steps below. We do not support SSL certificates for custom domains for v1 systems.

V2 systems

If your v2 system is on a Springshare owned domain – libguides.com, libanswers.com, libcal.com, libwizard.com, libsurveys.com, libinsight.com, libstaffer.com, libapps.com (phew, we have a lot of domains!) – you’re good to go! These domains already have SSL/https support built-in, so you can update all links to / within your system to https links now. For example, springylib.libguides.com is on a Springshare-owned domain, so I can link to that now via https.

If your v2 systems have custom domains (e.g., ask.mylibrary.org, calendar.university.edu), then you must install an SSL certificate before October 17, 2017 in order to avoid warnings. For example, support.springshare.com is a LibGuides CMS site using a custom domain. For custom domains, you’ll need to work with your IT colleagues to obtain an HTTPS certificate for each custom domain.

You own your domain and thereby you own the certificate, too…we just install it on our servers when it’s ready. If – gasp – you ever decide to cancel any of your Springshare tools where you have an HTTPS certificate, you still own your certificate(s) and can move it/them to any other server.

LibGuides v2 on a Custom Domain

Good news! Last week we introduced a new LibApps Admin feature, Manage Domains, where you can manage your custom domains (LibGuides / LibAnswers / LibCal) and https certificates (LibGuides)! Head to LibApps > Admin > Manage Domains to get started and (of course!) to our guide to learn all about it.

LibAnswers v2 and LibCal v2 on a Custom Domain

By mid-September we’ll release an update that will allow LibApps Admins to install and maintain SSL certificates for LibAnswers and LibCal as well, so it won’t be LibGuides-only for long!

If you really, really need to get SSL certificates installed for LibAnswers or LibCal immediately and cannot wait until mid-September, please contact us and we’ll work with you to install it manually. It’s a bit of a process, but it can be done, so do not hesitate to reach out if you need it ASAP. If you can wait until mid-September, however, you’ll be able to handle the install yourself.

LibWizard, LibInsight, LibStaffer, LibCRM

These products do not have a custom domain option, so nothing needs to be done! These products support https by default.

This domain information and info on widgets/APIs for each app can also be found in our FAQ on the topic.

We hope this post is useful in helping you prepare for this mid-October Chrome update. The new version of Chrome will bring about some changes, but it’s important to realize that it is not as bad as people might first think. If your page doesn’t have form elements it will be unaffected. You should still move to https because it’s just good web practice these days and it will make your system more secure. We are here to help, as always, so please do not hesitate to reach out to our support crew with any questions.

Onwards and upwards, and thanks for being on board!

LibGuides Accessibility Updates, AZ Page Stats, HTTPS Certificates and more!

Accessibility fixes

This week at Springy HQ we are pleased to bring you the following accessibility fixes. Our first pass of fixes in the last few months focused on “errors” on all public pages; this pass hits the E-Reserves module as well as many things classified as “alerts”—things that could technically adhere to guidelines but needed examining. See something else we need to consider? Let us know! Click the Support tab on any admin-side LibGuides page to send us a ticket.
Please include:
  • Name of the accessibility tool you’re using
  • Description of the issue, including any code snippets that trigger the alert
  • Screenshot of the accessibility tool’s overlay highlighting the issue, if possible
  • URL of the page (included automatically if you use the Support form)
To ensure that content that you add keeps your guides accessible, please see our help guide on LibGuides and Accessibility accessible as well as the upcoming training session on the topic.
E-Reserves fixes
  • We rebuilt the E-Reserves request form using plain HTML & Bootstrap select menus, eliminating several issues with keyboard and screenreader navigation.
  • We eliminated a few errors and alerts on the main E-Reserves listing page and on course pages.
  • We changed the H4 element used to mark up the number of courses shown to an H2 to maintain proper page outline.
Public Pages fixes
  • We’ve replaced the select menus on the Subject and Profiles by Subject pages with simpler HTML that eliminates several alerts and errors.
  • We changed an H4 tag on the Subjects page to H2 in order to maintain proper outline order.
  • We added a missing ARIA label on the system homepage and changed the Sort control to a <div> rather than a <form> tag.
  • We removed a hidden field that was triggering a “redundant ALT text” alert.
  • We wrapped the profile image and name together in a single link tag to eliminate the “redundant link” alerts.
Gallery boxes
  • We incorporated an updated version of the component used in Gallery boxes as it contained several accessibility updates.
  • We changed the slide title field to H3 since the box title is H2, to maintain proper outline order.
A few changes might require the updating of your system’s CSS and custom templates, but only if you make extensive use of CSS and custom templates. Most folks won’t have to worry about these! Here are the gritty details, should you need them:

CSS Changes:

System & Group Home Pages
WAS:
The element around the “Display” area, which allows you to control the order in which guide lists are displayed should not have been a <form> element.
NOW:
It is now a <div> element, so any customizations targeting the form element should be updated to use <div> instead.
Gallery Boxes
WAS:
Slide titles were <h4> elements.
NOW:
This is now an <h3>, following proper sequential numbering of heading tags on the page.
E-Reserves – er.php
WAS:
“Search for Courses” label next to the search box was a <span> element.
NOW:
This is now correctly in a <label>. Heading above the list of courses, subjects, etc., was an <h4> element. This is now an <h2>, following proper sequential numbering of heading tags on the page.
E-Reserves Request Form – er_request.php
WAS:
We had been using a component for some of the select options on the page that we determined was not accessible to screen readers / keyboard navigation. It had its own set of classes, which all started with “select2”.
NOW:
We’re using simple HTML styled by Bootstrap’s default classes. All classes starting with “select2” are removed. These include: select2-drop, select2-display-none, select2-with-searchbox, select2-drop-active, select2-offscreen, select2-input, etc.
Password-Protected Pages – Groups, Guides, Courses
WAS:
The message prompting users to enter the password (above the text box) was not in a <label>.
NOW:
That text correctly has a <label>, as it is associated with the password input below. Any CSS changes should target the <label> element.
Profile Landing Page – prf.php
WAS:
“By Subject” dropdown was using a component that we found was not accessible to screen readers / keyboard navigation. It had its own set of classes, which all started with “chosen”.
NOW:
We’re using simple HTML styled by Bootstrap’s default classes. All classes starting with “chosen” are removed. These include: chosen-select, chosen-container chosen-container-single, chosen-default, chosen-single, etc.
Profile names are not linked, so style changes could be made using:
div.s-lib-profile-nameProfile names are now linked to their profile (in addition to the picture being linked), so any style changes to the profile name must be adjusted to include the anchor tag:
div.s-lib-profile-name a
Subjects Pages: sb.php and individual subject pages
WAS:
Subject dropdown selection was using a component that we found was not accessible to screen readers / keyboard navigation. It had its own set of classes, which all started with “chosen”.
NOW:
We’re using simple HTML styled by Bootstrap’s default classes. All classes starting with “chosen” are removed. These include: chosen-select, chosen-container chosen-container-single, chosen-default, chosen-single, etc.  Headings above the list of guides, databases, etc., (“Showing x guides”, etc.) were <h4> elements. This is now an <h2>, following proper sequential numbering of heading tags on the page.

Template Changes:

Both the Profile and Subject pages now have ARIA labels for the <section> tags. If you are using the default templates, you do not need to make any changes to implement this update. Default templates automatically update.

If you have customized these templates, however, you will need to update your template to include the accessibility update, as outlined below.

Right now, each of these is coded as simply <section>. Now they are coded as follows. You can update customized templates to reflect these changes at any time.

Profiles Templates:

Main Landing Page – prf.php:

<section aria-label=”List of Profiles”>

Individual Profile Page – prf.php?account_id=x
<section aria-label=”Profile Content”>

Subjects Templates:

Search Bar:
<section aria-label=”Subject Search Bar”>Content area below Search Bar:
<section aria-label=”Content by Subject”>

Manage Your Domains!

New in LibApps is the ability to view and manage your systems’ domains, including the ability to add and change custom domains and upload a custom HTTPS certificate for LibGuides. Need a certificate installed for your LibCal or LibAnswers system? No sweat! Please email us at support@springshare.com or open a ticket by clicking the Support tab from the admin side of your product. We’ll get you set up right away, and the ability to manage these certificates on your own will be coming soon.
So what can you do on the new Manage Domains page? Go to LibApps > Admin > Manage Domains to:
  • View the domains for all your Springy apps
  • Add or change a Custom Domain Mapping for your LibAnswers, LibCal, or LibGuides site(s)
  • Create a Certificate Signing Request in order to request a custom HTTPS certificate for your LibGuides site with a custom domain
  • Manage the current HTTPS certificate for your LibGuides site with a custom domain
Also see our help guide on the topic.

Databases Page Stats

We’re pleased to add a long-awaited addition to your statistics interface: A-Z Databases Page hits. These stats show how many hits are made daily or monthly to your AZ list. From August 16, they also show the referring URLs, when that data exists.
Screenshot: the A to Z databases page stats include a graph and data table of hits to az.php

Other Fixes and Features

This release also included:
  • LibAuth:
    • The ability to specify a custom port for SIP2 and LDAP LibAuth configurations.
    • Automatic updating of LibAuth certification fingerprints and IdP configurations.
    • Now when you view an E-Reserves Course’s settings, you’ll see the name of the default LibAuth configuration, if one exists.
  • Resumption of the ability for customers to enter translation files for us. Interested? Please get in touch!
  • Ability to limit AZ Holdings Analysis to library type and location.

LibAnswers Update Live!

Happy August everyone! We rolled out a couple of small LibAnswers features and a handful of bug fixes today – check it out…

Features:

  • Knowledge Base Explorer: The Queues filter now has a “Select All” option…especially helpful for folks who have a lot of Queues!
  • Answer Page > Tags: For systems where tags are not locked down, when typing in a tag, the list of matching tags is now listed by popularity.

Fixes:

  • Answer Page > Rich Text Editor: Restoring a draft while there is text in the Rich Text Editor now correctly adds the draft to the existing text instead of, well, not adding it at all (it was left as a draft), which isn’t as helpful.
  • System Status Management (SSM) Fixes:
    • You can now select a keyword when opting to have a widget display FAQs by Keyword, since that’s the whole point of the option.
    • If you add a heading to your product widget, that field now displays when using the widget.
    • Have products in folders? Clicking them now appropriately brings user to the page for the product vs. just closing the folder, which isn’t as effective, from a user perspective.
    • Users no longer get stuck seeing the “Loading…” message when submitting questions, problems, or praise in product widgets. They appropriately see the confirmation message instead.
  • When downloading files in Firefox, the file is now helpfully associated with the appropriate program by default if you choose to open it, instead of needing to download it first, then open it.

LibCal Equipment Booking Update Coming Your Way

On the heels of last month’s major LibCal Spaces update, this month we’re bringing the same types of accessibility and mobile-friendly updates to the Equipment Booking module! 🙂  This required some changes to the Equipment Booking grid and the booking details / confirmation pages, so if you’ve customized those, you’ll want to check your system post-update on August 16, 2017 (U.S. time) to make sure everything looks as it should. Remember, we’re here to help if you have any questions.

Here’s what’s new:

  1. The screens for Equipment Booking (the availability grid and the checkout process) are now fully accessible and mobile-optimized. The previous version was not fully up to par in this regard. We apologize for this omission, but we worked hard to address this problem quickly.
  2. Major API improvement: check whether or not the booking will go through, before actually making the booking! (This is applicable to the Spaces and Equipment APIs.)
  3. Admins can set up LibAuth rules on a Category-level and individual Item-level for Equipment pieces.
  4. Category-level mediators and visibility settings now available in Equipment Booking. Previously, the mediation and visibility was setup at the Location level only. This update introduces the same settings on the category level, for additional flexibility in organizing your Equipment Booking rules.
  5. Availability grid colors (for available slots, booked/unavailable slots, and “your selection” slots) are now customizable via color picker. The customized colors appear on both the public and admin sides of the system. Head to Admin > Equipment & Spaces > Settings to find these options.

Get Trained / Take a Tour
Note: All times listed are U.S. EDT.

Attend an Equipment Booking training webinar!

Next Sessions: Wednesday, August 16, 2017:

Don’t have Equipment Booking yet? Take a tour!

We’ve also squashed several bugs and shined up some screens:

  • When exporting lists of events via CSV, HTML is now stripped from the event description text.
  • Closing hours no longer overlap with opening hours, so there’ll be no more entering the 4th dimension of the space-time continuum!
  • The “system time” format now displays consistently in all modules (spaces, equipment booking, events, hours).
  • The “Add Item” button no longer shows when Equipment Booking is disabled.
  • Event organizer profiles now show on event pages when LibAuth is enabled.
  • My Scheduler widgets now display properly within the LibApps LTI tool.
  • You can now use calendar widgets from different locations on the same webpage.
  • Fixed an issue where recurring bookings sometimes couldn’t be created before existing bookings.
  • Fixed a display problem with the “no timeslots are available” message in widgets.

In addition to all of these changes and fixes, we’ve made further iterative improvements to the speed of the system, so the screens are now even zippier and more responsive. After August 16th, LibCal will be an even better calendaring and booking platform for libraries, but our work is not done. Your amazing feedback, suggestions, and ideas are central to our success, so please keep them coming! In the upcoming months we’ll release more updates based on customer feedback, so you can expect more good things to come LibCal’s way.

Thanks to everyone who contributed the ideas that went into this release! 🙂

-The Springshare Crew