Author Topic: Forcing HTTPS on all OPU websites going forward  (Read 14780 times)

Offline BlackBox

  • Administrator
  • Hero Member
  • *****
  • Posts: 3093
Forcing HTTPS on all OPU websites going forward
« on: March 11, 2019, 05:28:26 PM »
As of just now, I've enabled forced redirection to HTTPS on all OPU websites (the main site, forum, and wiki), e.g. if you go to http://forum.outpost2.net/ you will be redirected to the HTTPS version of it, in order to improve security (we're long overdue for such a change, it's 2019 and nobody should be using browsers that don't support SSL anymore).

I expect that this change should be mostly invisible to users, but it's possible you may have to log in again if you selected "remember me" on the forums. Please let us know if you experience any problems.

Offline Hooman

  • Administrator
  • Hero Member
  • *****
  • Posts: 4954
Re: Forcing HTTPS on all OPU websites going forward
« Reply #1 on: March 12, 2019, 04:31:29 AM »
I am very pleased to see this.

I noticed the topic reply email notifications often linked to http rather than https. It was inconsistent though. Usually it linked to http, but sometimes it linked to https. I'm wondering if it depended on the settings of the poster, or the sub-forum the post was in.

Offline Crow!

  • Jr. Member
  • **
  • Posts: 74
Re: Forcing HTTPS on all OPU websites going forward
« Reply #2 on: March 16, 2019, 01:19:00 PM »
Edge now complains that the Post Reply page is "Not secure" because "Some content on this page is not encrypted, which makes it possible for others to see or change information you share with this site."  I don't remember that warning showing up before.
Speedruns, my FFIV game randomizer, and more can be found at my twitch page:
https://twitch.tv/iicrowii

Offline leeor_net

  • Administrator
  • Hero Member
  • *****
  • Posts: 2350
  • OPHD Lead Developer
    • LairWorks Entertainment
Re: Forcing HTTPS on all OPU websites going forward
« Reply #3 on: March 16, 2019, 03:26:37 PM »
That's because Edge is stupid about things like an image reference not being HTTPS. Chrome doesn't whine about this. Actually I don't think any other browser whines about this.

Anyway, it's safe to ignore the warning message though I'll look into the back end and see if I can clean that up. Your connection is secure as is the password field, etc. Edge is complaining about images that are being referred to via HTTP vs HTTPS.

Offline Hooman

  • Administrator
  • Hero Member
  • *****
  • Posts: 4954
Re: Forcing HTTPS on all OPU websites going forward
« Reply #4 on: March 17, 2019, 07:02:40 AM »
Good job Leeor on figuring out it may be image links. Perhaps we need to update links to omit the protocol part, so it defaults to HTTPS when the page is HTTPS. I'm assuming in site links here. I don't imagine off site links would produce the same problem.

Crow, a specific example page where this happens might be helpful.

Offline leeor_net

  • Administrator
  • Hero Member
  • *****
  • Posts: 2350
  • OPHD Lead Developer
    • LairWorks Entertainment
Re: Forcing HTTPS on all OPU websites going forward
« Reply #5 on: March 17, 2019, 06:55:10 PM »
I'm 100% sure it's image references, I've had this problem before on other forums that I managed and when you investigate you see it's usually images for buttons, smilies, that sort of thing.

I'm hoping this week at work isn't as grueling and I don't get any more news bombshells dropped on me so I can actually get some work done on... well anything. Been a rough week so it's been very unproductive for me.

Anyway, will keep everybody posted as I get through the CSS and forum software code.

Offline BlackBox

  • Administrator
  • Hero Member
  • *****
  • Posts: 3093
Re: Forcing HTTPS on all OPU websites going forward
« Reply #6 on: March 19, 2019, 10:11:39 PM »
I was able to fix this issue (looks like Chrome does report "mixed content" warnings in the developer console when loading HTTP resources on a page that is served over HTTPS).

It turns out I just needed to update some setting in the "smileys" section of the admin tools for the forum which happened to contain a hardcoded "http://" URL., so this problem should be sorted now.

Please continue to let us know if you run into any other issues.

Offline Hooman

  • Administrator
  • Hero Member
  • *****
  • Posts: 4954
Re: Forcing HTTPS on all OPU websites going forward
« Reply #7 on: March 20, 2019, 01:29:24 AM »
Thank you for fixing that so quickly!  :) :) :)
 :D :D ;D ;D
 ;)
 ::)
 :P