-
#25 Reply
Posted by
gnif
on 31 Mar, 2017 09:34
-
-
#26 Reply
Posted by
hammy
on 31 Mar, 2017 09:40
-
@gnif & Dave: Thank you!
-
#27 Reply
Posted by
gnif
on 31 Mar, 2017 10:07
-
For those wondering what the issue is, SMF is correctly generating the URLs for things with http or https as required, but there is some post filtering going on somewhere that is rewriting the https links to http. I am tracing the cause now.
Edit: It appears the cause is 'Pretty URLs'
Edit 2: Confirmed, Pretty URLs is caching the URL rewrites, but is not caching the scheme, so it's randomizing the URL schemes based on who loaded it first, either via HTTP or HTTPS
-
#28 Reply
Posted by
EEVblog
on 31 Mar, 2017 10:52
-
Edit 2: Confirmed, Pretty URLs is caching the URL rewrites, but is not caching the scheme, so it's randomizing the URL schemes based on who loaded it first, either via HTTP or HTTPS
Is that fixable?
Pretty URLs is an important plugin.
-
#29 Reply
Posted by
gnif
on 31 Mar, 2017 10:53
-
Yes, I am digging through it now, I have already patched several locations that were a problem, should get to the bottom of it soon.
-
#30 Reply
Posted by
gnif
on 31 Mar, 2017 11:02
-
I had to:
1) apply a patch to make it cache the replaced URLs based on the presence of SSL
2) Discover it doesn't use the forum's base URL, but its own separate setting which it stupidly doesn't expose in the admin area.
update smf_settings set value = '//www.eevblog.com/forum' where variable = 'pretty_root_url';
Still yet to go through and check everything over before I give the 'It's working, look for bugs' update
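The caching fault described in posts #27 and #30, modelled as an added example (this is not Pretty URLs or SMF code and is not part of the thread): a rewrite cache keyed on the internal URL alone serves the first visitor's scheme to everyone, while adding the SSL flag to the key keeps the two populations apart. The class, the function names, the `topic-N` URL shape and the request sequence are assumptions constructed for illustration.

```python
# Simplified model of a URL-rewrite cache. All names are assumptions made
# for this example; none of this is Pretty URLs or SMF code.
FORUM = "www.eevblog.com/forum"

def build_pretty_url(internal, is_ssl):
    """Stand-in for the expensive rewrite: index.php?topic=N -> /topic-N/."""
    scheme = "https" if is_ssl else "http"
    topic = internal.split("topic=", 1)[1]
    return f"{scheme}://{FORUM}/topic-{topic}/"

class RewriteCache:
    def __init__(self, key_includes_scheme):
        self.key_includes_scheme = key_includes_scheme
        self.store = {}

    def rewrite(self, internal, is_ssl):
        # Buggy form keys on the internal URL only, so the first visitor's
        # scheme is frozen into the entry; the fixed form adds is_ssl.
        key = (is_ssl, internal) if self.key_includes_scheme else internal
        if key not in self.store:
            self.store[key] = build_pretty_url(internal, is_ssl)
        return self.store[key]

def wrong_scheme_links(urls, is_ssl):
    expected = "https://" if is_ssl else "http://"
    return [u for u in urls if not u.startswith(expected)]

# Constructed request sequence: (visitor used SSL?, links on the page).
REQUESTS = [
    (False, ["index.php?topic=1", "index.php?topic=2"]),
    (True, ["index.php?topic=2", "index.php?topic=3"]),
    (False, ["index.php?topic=3", "index.php?topic=1"]),
]

def simulate(key_includes_scheme):
    """Return, per request, how many links came back with the wrong scheme."""
    cache = RewriteCache(key_includes_scheme)
    counts = []
    for is_ssl, links in REQUESTS:
        urls = [cache.rewrite(link, is_ssl) for link in links]
        counts.append(len(wrong_scheme_links(urls, is_ssl)))
    return counts

if __name__ == "__main__":
    print("scheme not in key:", simulate(False))
    print("scheme in key:    ", simulate(True))
```

With the scheme missing from the key, the HTTPS visitor receives an `http://` link and the later HTTP visitor receives an `https://` one, which matches the "based on who loaded it first" behaviour reported above.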
-
#31 Reply
Posted by
gnif
on 31 Mar, 2017 11:11
-
Ok, seems good across the board to me, both SSL and non SSL.
Sorry if I come across a bit rash with my replies to reports, I just stress out a bit when things don't go as planned, I certainly do appreciate the testing and feedback provided by the community.
Edit: Also, if Dave ever decides to turn off CloudFlare the website will continue to just work, we have valid end to end encryption now.
Edit2: We are not serving the upgrade-insecure header to keep embedded off site images working, but we are complying with clients asking to upgrade from insecure, this will keep us completely backwards compatible.
Edit3: Seems the smiley faces are always being served from http regardless, I will look into this tomorrow, I have had enough for tonight
-
#32 Reply
Posted by
PA0PBZ
on 31 Mar, 2017 11:32
-
I spotted what I think is a side effect of the changes: When reading the unread or unreadreplies link when you click on a post and then use the back button it reloads the list and the post you just read is gone. This is a bit confusing because it makes tracking where you are more difficult.
(I don't read all posts on the unread page, just the ones that interest me, and then simply use the back button on the mouse to go back to the list. When everything was still http: it showed me the same list every time.)
-
#33 Reply
Posted by
gnif
on 31 Mar, 2017 11:35
-
I spotted what I think is a side effect of the changes: When reading the unread or unreadreplies link when you click on a post and then use the back button it reloads the list and the post you just read is gone. This is a bit confusing because it makes tracking where you are more difficult.
(I don't read all posts on the unread page, just the ones that interest me, and then simply use the back button on the mouse to go back to the list. When everything was still http: it showed me the same list every time.)
My bet is you loaded that page via HTTP and when you hit back, it is going back to the HTTP page, which is then being upgraded to HTTPS. Did you perhaps go to the unread page via a bookmark? Btw I can not replicate the behavior you mention.
-
#34 Reply
Posted by
PA0PBZ
on 31 Mar, 2017 12:04
-
Nope, HTTPS all the way. It's only IE, Chrome and Firefox are fine.
(Yes I have to use IE for some undisclosed reason, but I can use chrome for the forum)
-
#35 Reply
Posted by
rrinker
on 31 Mar, 2017 13:55
-
Maybe I'm not interpreting what you posted correctly, but it sounds like what you are doing is similar to how I read the forum. Click on a section, read the messages that interest you, then back out and go on to the next section. However, I never use back to get all the way out, I click in the nav tree just above the messages, because as long as I've been here, no matter what browser I use, if I just use the back button, it still flags the section as having new posts. If I actually use the tree to select the top level, or even the high level category, then the section I just was in will show as having no new messages (unless someone actually snuck in and posted). That happens for me with Chrome, IE, Edge, or Safari. Sometimes I forget and use the back button (easy when there's a back button right on the mouse) but in that case I can either revisit the section and go back via the tree or refresh the page. This does not appear to have changed with HTTPS.
-
#36 Reply
Posted by
PA0PBZ
on 31 Mar, 2017 14:12
-
I use the 'show unread posts since last visit' on the top of the page, that way I don't have to navigate the sections. If I click a post in that list and then go back with the (mouse) back button the post I just clicked is gone from the list, as if the list was generated again. This only in IE as I mentioned.
-
#37 Reply
Posted by
rrinker
on 31 Mar, 2017 14:37
-
That sort of sounds like it works as intended, but ONLY in IE - after all, if you've read the post, it no longer is unread and shouldn't appear on the list.
-
#38 Reply
Posted by
Monkeh
on 31 Mar, 2017 20:07
-
-
#39 Reply
Posted by
gnif
on 31 Mar, 2017 20:45
-
-
#40 Reply
Posted by
texaspyro
on 31 Mar, 2017 23:27
-
Paging Dr. gnif, notification links are missing their protocol: https://www.eevblog.com/forum/blog/notification-precated/
This is a known issue, I do not have time at current to look for a solution, it is a minor breakage and not a high priority at the moment.
A lot of email systems don't recognize the link as a link without the http: and you have to cut it from the email, paste it into the browser address bar, then edit it to include the http: A royal pain if you have a lot of notifications to check out.
Good luck on the https upgrade... I've been down that rabbit hole before and it's no fun to get all the issues sorted out.
-
#41 Reply
Posted by
bitseeker
on 01 Apr, 2017 02:52
-
Thanks for the SSL/TLS upgrade. If legislation in the US passes to allow ISPs to profit from our browsing activity, inject ads (or who knows what else) onto other sites' pages, etc., having end-to-end encryption will help.
-
#42 Reply
Posted by
magetoo
on 01 Apr, 2017 18:14
-
Is the long-term plan to turn off HTTP and go HTTPS-only? Asking because I'm noticing that everything except the initial page load (stylesheets, images) gets turned into HTTPS even when accessing the forum via HTTP. Except for the emoticons.
-
#43 Reply
Posted by
gnif
on 01 Apr, 2017 18:15
-
Is the long-term plan to turn off HTTP and go HTTPS-only? Asking because I'm noticing that everything except the initial page load (stylesheets, images) gets turned into HTTPS even when accessing the forum via HTTP. Except for the emoticons.
No, there is some inconsistency at the moment, but the plan is to fully support both.
-
#44 Reply
Posted by
magetoo
on 01 Apr, 2017 18:27
-
No, there is some inconsistency at the moment, but the plan is to fully support both.
Good to know. Some things seemed wonky (using HTTP going through a Squid proxy) but I'll hold off on complaining.
-
#45 Reply
Posted by
gnif
on 03 Apr, 2017 11:34
-
In what time I could find the last few days I threw together a mod for SMF that allows inserting post filter hooks, the website will now generate the correct URLs depending on if you visit using http or https.
The filter is a search and replace based on the forum URL, for example, if I post this:
https://www.eevblog.com/forum
It will be automatically changed to http or https depending on how you load this page, this should keep everyone happy. This filter only applies to URLs starting with "www.eevblog.com/forum", everything else is ignored. If this causes any problems please post them here.
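A sketch of the output filter described in post #45, added here as an example; it is not the SMF package from the thread and not part of the post. It rewrites the scheme only on links that really start at the forum root and leaves lookalike hosts, longer path names and URLs embedded in another URL's query string untouched. The function name, the regular expression and its boundary rules are assumptions, and the sample strings are constructed.

```python
import re

# Forum root as quoted in the post; everything else here is hypothetical.
FORUM = "www.eevblog.com/forum"

# The lookbehind rejects a match that sits inside another URL (for example
# after "?u="); the lookahead requires the path to end at "/forum", so
# "/forumx" does not count. A lookalike host such as
# www.eevblog.com.example.net fails the literal match on its own.
_FORUM_LINK = re.compile(
    r"(?<![\w=/?&%.-])https?://" + re.escape(FORUM) + r"(?=[/?#\"'<\s]|$)",
    re.IGNORECASE,
)

def filter_output(html, is_ssl):
    """Rewrite forum links in outgoing HTML to the scheme of this request."""
    scheme = "https" if is_ssl else "http"
    return _FORUM_LINK.sub(f"{scheme}://{FORUM}", html)

# Constructed sample output containing one forum link and three near misses.
SAMPLE = (
    '<a href="http://www.eevblog.com/forum/index.php">forum</a> '
    '<a href="http://www.eevblog.com.example.net/forum/">lookalike host</a> '
    '<a href="http://www.eevblog.com/forumx/">longer path name</a> '
    '<a href="http://example.net/?u=http://www.eevblog.com/forum/">embedded</a>'
)

if __name__ == "__main__":
    print(filter_output(SAMPLE, is_ssl=True))
```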
-
#46 Reply
Posted by
Ian.M
on 03 Apr, 2017 11:49
-
Many thanks. I've just commented out the link rewriter in my Greasemonkey script and I'll see how it goes.
Would it be possible to post a list of SSL/TLS protocols and encryption methods the server now accepts, so those of us with legacy browsers can check compatibility against possible browser upgrades *BEFORE* installing them?
-
#47 Reply
Posted by
gnif
on 03 Apr, 2017 13:03
-
In what time I could find the last few days I threw together a mod for SMF that allows inserting post filter hooks, the website will now generate the correct URLs depending on if you visit using http or https.
The filter is a search and replace based on the forum URL, for example, if I post this:
https://www.eevblog.com/forum
It will be automatically changed to http or https depending on how you load this page, this should keep everyone happy. This filter only applies to URLs starting with "www.eevblog.com/forum", everything else is ignored. If this causes any problems please post them here.
If you implement local customisations to modify the standard SMF software then at each upgrade you'll always have to test and or retrofit them. It is generally better to suck up the pain one time and move on with simpler future upgrades. Better to dump some of the legacy stuff and simplify. Admittedly I don't really follow the http/https issues all that well.
Gnif: Even though I quoted you this isn't a criticism. Just a general observation. The quote was to carry the context.
They are not local customisations, I have written a proper package that integrates/installs/uninstalls and is tracked up the updater, there should be no issues.
That said, since it seems to be working I am going to disable the redirect if the browser states to upgrade requests, that way people can decide if they do or don't want SSL.
-
#48 Reply
Posted by
gnif
on 03 Apr, 2017 19:38
-
No complaints so far, everything seems good.
I made a small change so that the login URL is always https (including the one on the top banner), but it will still work with http if you really must use http, just drop off the 's' in the url.
Edit: Just picked up a small issue, when posting it posts to HTTPS, but redirects you back to HTTP, I will investigate this later if I can.
-
#49 Reply
Posted by
RayRay
on 03 Apr, 2017 19:42
-
But why is SSL not used by default? When loading the forum, it just loads it in plain-text (without automatically redirecting to https)