Jump to content
Arix

Secure HTTP

Recommended Posts

Let's keep our passwords private; enable SSL for the entirety of RuneLocus. It is especially easy now with Let's Encrypt and the cert bot to protect any website.

Someone suggested CloudFlare, but I don't think that's necessary.

Share this post


Link to post
Share on other sites

It's cheap as chips if you have the money that is to buy a SSL certificate xD £14 a year or so for just 1 domain, and £57 for SSL wildcard (covering subdomains and such) this was from Namecheap though xD

Share this post


Link to post
Share on other sites

The forum is not self-hosted, but is hosted by IPS.

I'd have to ask them to enable it for us. Most likely won't be an issue, but I'd rather do it after my vacation and preferably also after high season. I don't want the site to end up with possible Mixed Content errors while I'm unavailable :-)

Share this post


Link to post
Share on other sites

Update: Forum is not on HTTPS. Some pages however contain Mixed Content errors, because e.g. your imgur-hosted signature is served over HTTP.

 

@Arix

Share this post


Link to post
Share on other sites
15 hours ago, Ikiliki said:

Update: Forum is not on HTTPS. Some pages however contain Mixed Content errors, because e.g. your imgur-hosted signature is served over HTTP.

 

@Arix

Image content is usually not served over HTTPS anyway. If you want to fix this, you should proxy images through your own HTTPS endpoint. There are plugins for this that rewrite urls.

Share this post


Link to post
Share on other sites
On 9/11/2018 at 12:57 AM, Arix said:

Image content is usually not served over HTTPS anyway. If you want to fix this, you should proxy images through your own HTTPS endpoint. There are plugins for this that rewrite urls.

Imgur also serves it over an SSL connection. Any major website typically will support it.

 

IE: https://i.imgur.com/sdlLhyP.png

Share this post


Link to post
Share on other sites
On 9/11/2018 at 8:57 AM, Arix said:

Image content is usually not served over HTTPS anyway. If you want to fix this, you should proxy images through your own HTTPS endpoint. There are plugins for this that rewrite urls.

Imgur supports https. I don't feel like proxying external images for that lock icon 😛

Share this post


Link to post
Share on other sites
7 hours ago, Murilirum said:

Imgur also serves it over an SSL connection. Any major website typically will support it.

 

IE: https://i.imgur.com/sdlLhyP.png

 

7 hours ago, Ikiliki said:

Imgur supports https. I don't feel like proxying external images for that lock icon 😛

Yes I'm sure it does. However, telling me to serve my images over HTTPS is not a solid way to make sure everyone else does to get rid of the warning that not all content on the website is served over HTTPS, which is an empty warning in itself. Even after changing my signature, this is still mixed content. Also, the security is using a deprecated SSL version.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×