Pages: (5) 1 2 3 4 ... Last » ( Go to first unread post ) Add ReplyNew TopicNew Poll

 HTTPS Encrypted Browsing
#
Hey, just to clarify, a question:

So if DoHTML is enabled for posts, does every post containing a http-image have to be edited to https?

I'm talking about codes that use html, but whose css is externally linked, albeit the image is inserted in the post by html.

Thanks!
PM
#
QUOTE
So if DoHTML is enabled for posts, does every post containing a http-image have to be edited to https?

I'm talking about codes that use html, but whose css is externally linked, albeit the image is inserted in the post by html.


I tried to clarify that in this section:

https://jcink.com/main/wiki/https-encrypted...-posted_content

but it may have been confusing, sorry.

[img] bbcode tag, or <img> html tag inserted images served via http are OK.

Images inserted via css -- such as the background-image:url() property, will NOT even display over http, while on https.

This also goes for your own board's CSS.

The problem with this of course, is that as time goes, what is acceptable today may not be acceptable tomorrow. And could happen overnight. I realize it's really hard to force members to use https for all of their images as well, especially right now. I'm currently brainstorming ways to make this easier. Possibly automatically checking posted image URLs to see if https is supported on the host they're using, and then automatically replacing their link.

That's a problem though since the image hosts still have to get with the program of updating to https, too. Since we can't do this replacement if it doesn't exist.

ALSO. Externally linked CSS of any kind *must* be served over https, too.

signature
email: admin@jcink.com :: blog: John C.
#
Thanks for clarifying!

I asked, because the images on http are displayed (still), even though I'm on the https url. But I'll change them now to prevent future disaster http://files.b1.jcink.com/html/emoticons/wink.gif

This post has been edited by agenth: Mar 19 2017, 01:29 PM
PM
#
HTTPS "bugs" fixed http://files.b1.jcink.com/html/emoticons/smile.gif
  • Youtube videos in portal profiles weren't displaying, now being served over https.
  • "Insecure" lock icon on Admin CP's alternative skins. All are fixed now - css content being served over https
  • Arcade games not loading, was not served over https
  • Mobile Mode showing a broken lock icon, small image wasn't served over https
We have a lot of further work to do throughout the coming year, I'm sure, to identify things like this even though they are minor.

Let me know if while browsing the Admin CP, if you are not viewing your board index, macros, or similar page, the lock icon turns to a strike. The Admin CP, at the very least, should be 100% HTTPS at all times.

My plan is to force HTTPS on this forum sometime next month -- currently I'm forcing it on the website.

We will not be forcing HTTPS on user forums since that would be chaotic, but the default forum state for new registrations IS going to change. It's very bad that new forum users see "not secure" when they sign up.

signature
email: admin@jcink.com :: blog: John C.
#
I have gone ahead and enforced https on my image host to be ready for this change with schemeless links options. The main site, login forums, and all other parts of this image host (not just the CDN) is now secure http://files.b1.jcink.com/html/emoticons/smile.gif We're ready for this!
PM
#
Big update today everyone.

I configured a test domain/subdomain using the Let's Encrypt service today. And guess how much effort will be required from you guy's side to accomplish this? Zero, unless you count putting in a ticket and asking me to add your domain to our lets encrypt database and add it to our server configuration.

What about the 90 day issue? That's where the magic happens. Once I add your domain, it is set and done, and our Let's Encrypt setup is rigged to automatically renew it. No work on our part, no work on your part from there forward.

I still would love for this to be a fully automated process, through and through -- and we'll get there eventually, but today is a huge step. Since a large burden for domain owners will be effectively removed, both cost and maintenance wise, from our end as well as yours.

Note: I'm still not adding any domains yet but watch this thread. Have to figure out certain things like cleanup for old dead domains and other things related to keeping the system tidy.

Attached 1 File(s)
Attached Image

signature
email: admin@jcink.com :: blog: John C.
#
QUOTE (Leif @ Mar 25 2017, 01:01 PM)
I have gone ahead and enforced https on my image host to be ready for this change with schemeless links options. The main site, login forums, and all other parts of this image host (not just the CDN) is now secure http://files.b1.jcink.com/html/emoticons/smile.gif We're ready for this!

I'll most likely be moving all my images to your image host, then. Too lazy to constantly re-upload to imgbox/imgsafe just to upload theme images.
PM
#
Skin/Theme images should really be uploaded to the JFH File Manager and not image hosts though. Our file manager can serve the content over https, so it is a great option.

signature
email: admin@jcink.com :: blog: John C.
#
QUOTE (John @ Mar 28 2017, 12:13 AM)
Skin/Theme images should really be uploaded to the JFH File Manager and not image hosts though. Our file manager can serve the content over https, so it is a great option.

It's mostly for the ones that aren't on my hard drive anymore. New skins will have everything on the file manager.
PM
#
I've added a new feature to my host as well to help support this transition.

user posted image

Schemeless links are now a programmed option!
PM
#
Bug fixed:

Corrected an issue where the shoutbox was redirecting to http, breaking https.

signature
email: admin@jcink.com :: blog: John C.
#
I don't know why but mobile seems to have issues with HTTPS browsing on Jcink forums for me (using Chrome on Android; already using auto date & time so I know it's not that).
PM
#
I have not had any issues with mobile at all. Please describe what is happening.

signature
email: admin@jcink.com :: blog: John C.
#
user posted image
This is the error code that's blacked out - "net::err_cert_authority_invalid"

This is what it looks like when I choose to proceed:
https://i.imgbox.com/evlAlMqL.png

It might just be my phone being weird. I have no issues on my laptop just my phone.

This post has been edited by CamilleNicole: Apr 18 2017, 10:38 AM
PM
#
The error you are getting is that it's saying our certificate authority is invalid. Which means that your phone is not willing to accept the place we purchased our certificate from. I have no idea why this would be, as ours was issued by Comodo Group.

I tested Google Chrome on my iOS and it's working.

What version of Android are you using?

signature
email: admin@jcink.com :: blog: John C.
0 User(s) are reading this topic (0 Guests and 0 Anonymous Users)
0 Members:
Share this topic:
« Next Oldest | Development News | Next Newest »

OptionsPages: (5) 1 2 3 4 ... Last » Add ReplyNew TopicNew Poll