EEVblog > News/Suggestions/Help

SERVER SSL Upgrade

(1/14) > >>

EEVblog:
gnif will be installing SSL support on the server shortly.
This is a thread to discuss issues and rejoice for those who have been asking for it.

gnif:
Note: This does not mean the website will enforce SSL usage, there will still be things to verify/check update, etc. before we can do this.

amspire:
Enabling SSL will result in many threads being marked on the browsers as insecure. To get the proper green SSL icon in your address bar, everything on the page has to be SSL. If there are links to non-ssl images, the page does not get the  green SSL icon, and if you left click on the greyed icon, it will say "This connection is not protected".

If you look into the details, it will say something like "This site has unprotected content".

If there is a link to an image on a remote site, the address bar SSL icon will be green as long as the remote image address is also SSL.

Probably impossible to get around this with old threads, and for new threads, to get the green SSL icon, you would have to insist on https:// links only.

Edit: many users have uploaded images, and then posted the image address into their post to get the full sized image. All of these addresses start with "http://www.eevblog.com/....", so they will force to SSL icon to grey. It may be possible to write a script to find these links, along with links to other posts, and turn them into relative addresses to make them SSL compatible.

EEVblog:

--- Quote from: amspire on March 31, 2017, 05:45:33 am ---Probably impossible to get around this with old threads, and for new threads, to get the green SSL icon, you would have to insist on https:// links only.

--- End quote ---

In that case it's impossible to police, nor should we even try.
It's a public forum, the content doesn't have to be protected, just that some poeple are paranoid about their login details etc.

gnif:

--- Quote from: amspire on March 31, 2017, 05:45:33 am ---Enabling SSL will result in many threads being marked on the browsers as insecure. To get the proper green SSL icon in your address bar, everything on the page has to be SSL. If there are links to non-ssl images, the page does not get the  green SSL icon, and if you left click on the greyed icon, it will say "This connection is not protected".

If you look into the details, it will say something like "This site has unprotected content".

If there is a link to an image on a remote site, the address bar SSL icon will be green as long as the remote image address is also SSL.

Probably impossible to get around this with old threads, and for new threads, to get the green SSL icon, you would have to insist on https:// links only.

Edit: many users have uploaded images, and then posted the image address into their post to get the full sized image. All of these addresses start with "http://www.eevblog.com/....", so they will force to SSL icon to grey. It may be possible to write a script to find these links, along with links to other posts, and turn them into relative addresses to make them SSL compatible.

--- End quote ---

This is not entirely correct, links to other sites do not have to be https, only embedded content, such as links to youtube, which is handled by the forum dynamically so this is no issue. As for manual entries in the database we have four options:

1) Search and replace across the database to replace the links we can.
2) Use mod_pagespeed to rewrite the links
3) Tell cloudflare to rewrite the links.
4) Serve the header 'Uprade-Insecure-Requests' which makes the client browser rewrite them to https.

Normally a combination of 1 & 4 are the best.

We have had many ways to deal with this over the years, it is not a big issue. Also not many people know this, but a valid url can be "://somesite.com" (note the lack of http/https) and the browser will auto-select the correct protocol based on how the page was loaded.

Navigation

[0] Message Index

[#] Next page

There was an error while thanking
Thanking...
Go to full version