Implementing HTTPS

BlueSwordM

BlueSwordM

Member
Joined
Jul 5, 2017
Messages
423
Hi everybody. BlueSwordM again.
So this might be important. Is there a way you could implement HTTPS in the site? Because every time I log in, there's a popup dialog telling me that the connection isn't secure.
Thinking about it a bit more, it would be very important to implement HTTPS just for a matter of security.

Thank you if you fulfill this request.
 
I did load a certificate a while back
https://secondlifestorage.com/

The issue with using it is that all resources on the page need to be https. This is easy to do with stylesheets, javascripts and site images. It becomes a problem with people uploading avatars, images in their signature, and general posting embedded images on the forum. These will all generate an "unsecure content" while browsing.
 
I never had an issue to that warning. I use latest version of Chrome and FireFox sometimes. Nothing showed up. What browser are you using?
 
Korishan said:
I never had an issue to that warning. I use latest version of Chrome and FireFox sometimes. Nothing showed up. What browser are you using?
Click to expand...

We don't have https enabled. If you click the https link here, you'll see all of the errors. If you right click and go to inspect, then click console, you'll see a massive dump of warnings/errors.
https://secondlifestorage.com/
 
Most of those errors are for mixed content. ie either go all in https and change all links to https or in the js code you add so that on https you also load the js files from https :)

So basically just migrate it all over to https and change to https for all content loading and it should be fine. Or add a js snippet that change all http to https :)
 
daromer said:
Most of those errors are for mixed content. ie either go all in https and change all links to https or in the js code you add so that on https you also load the js files from https :)

So basically just migrate it all over to https and change to https for all content loading and it should be fine. Or add a js snippet that change all http to https :)
Click to expand...

Yes, that's easy. You're missing the point though. What's going to happen when Korishan decides he wants to post pictures of his powerwall and uses some random 3rd party image site like photobucket and now that page generates a whole list of warnings because the embeded images he just added are not https?
 
That is a bit of hassle but can be sorted to.
* Deny all sites not using https or do support it (perhaps not ideal)
* proxy the data not being on sites allowing https. Rest just changed.

There are a couple of free image proxies out there if you dont want to host/cache it yourself.

But in the end the question is if its needed. We really dont host any bank details and i hope most people dont use same password here as on their bank page :)
 
daromer said:
That is a bit of hassle but can be sorted to.
* Deny all sites not using https or do support it (perhaps not ideal)
* proxy the data not being on sites allowing https. Rest just changed.

There are a couple of free image proxies out there if you dont want to host/cache it yourself.

But in the end the question is if its needed. We really dont host any bank details and i hope most people dont use same password here as on their bank page :)
Click to expand...

I already wrote one of these for an unrelated project. We will switch eventually, which is why I loaded the certificate. You probably haven't noticed unless you started looking at the html, but some things are already https. For example, all image files served through our image hoster thing are https. We just need to change a lot more things before we can change the mail URL for the site.

As for needing it, no we really don't "need" it, but why not have it? There's no good reason to NOT have a secure connection in 2017.
 
Yeah i saw that some parts were moved. I have done my fair part in web-dev :)

Dont take me wrong on the need part. I do prefer S connections all the way if you can. Especially on sites that have public logins.
And i know how much work it is since i have done that type of things several times before :)

I cheer for every bit of work you do here Mike. I dont have that time to contribute since i know how much it is.

Edit: Sorry Mike I just saw that you had answered in between my answer. So i missed that and it perhaps caused confusion. Sorry for that!
 
You must log in or register to reply here.
Back
Top