Outpost Universe Forums
Community => News => Topic started by: BlackBox on March 11, 2019, 05:28:26 PM
-
As of just now, I've enabled forced redirection to HTTPS on all OPU websites (the main site, forum, and wiki), e.g. if you go to http://forum.outpost2.net/ you will be redirected to the HTTPS version of it, in order to improve security (we're long overdue for such a change, it's 2019 and nobody should be using browsers that don't support SSL anymore).
I expect that this change should be mostly invisible to users, but it's possible you may have to log in again if you selected "remember me" on the forums. Please let us know if you experience any problems.
-
I am very pleased to see this.
I noticed the topic reply email notifications often linked to http rather than https. It was inconsistent though. Usually it linked to http, but sometimes it linked to https. I'm wondering if it depended on the settings of the poster, or the sub-forum the post was in.
-
Edge now complains that the Post Reply page is "Not secure" because "Some content on this page is not encrypted, which makes it possible for others to see or change information you share with this site." I don't remember that warning showing up before.
-
That's because Edge is stupid about things like an image reference not being HTTPS. Chrome doesn't whine about this. Actually I don't think any other browser whines about this.
Anyway, it's safe to ignore the warning message though I'll look into the back end and see if I can clean that up. Your connection is secure as is the password field, etc. Edge is complaining about images that are being referred to via HTTP vs HTTPS.
-
Good job Leeor on figuring out it may be image links. Perhaps we need to update links to omit the protocol part, so it defaults to HTTPS when the page is HTTPS. I'm assuming in site links here. I don't imagine off site links would produce the same problem.
Crow, a specific example page where this happens might be helpful.
-
I'm 100% sure it's image references, I've had this problem before on other forums that I managed and when you investigate you see it's usually images for buttons, smilies, that sort of thing.
I'm hoping this week at work isn't as grueling and I don't get any more news bombshells dropped on me so I can actually get some work done on... well anything. Been a rough week so it's been very unproductive for me.
Anyway, will keep everybody posted as I get through the CSS and forum software code.
-
I was able to fix this issue (looks like Chrome does report "mixed content" warnings in the developer console when loading HTTP resources on a page that is served over HTTPS).
It turns out I just needed to update some setting in the "smileys" section of the admin tools for the forum which happened to contain a hardcoded "http://" URL., so this problem should be sorted now.
Please continue to let us know if you run into any other issues.
-
Thank you for fixing that so quickly! :) :) :)
:D :D ;D ;D
;)
::)
:P