Pages: (5) « First ... 3 4 5  ( Go to first unread post ) Add ReplyNew TopicNew Poll

 HTTPS Encrypted Browsing
#
That's coming from the fact that some of your members are still utilizing the b1 url. To stop this, you might want to use a script that forces people to use not only https, but your jcink.net url as well. I'll try to dig up the script for that.

There is no way to set a "primary" url within JFH, there has never been a need, though with the https migration this is something we may need to address.

signature
email: admin@jcink.com :: blog: John C.
#
Thanks John! This would be hugely useful so we have everything working consistently, especially in prep for https migration.
PM
#
I have a new site opening so I have been going through and trying to make sure that everything is secure and using the https:// before launch and I noticed something while testing pages. I don't know if this is a glitch, or a known thing, or if my forum is just a snowflake because it was registered before March of this year, but I just wanted to make sure you know that many of the little pip images are not secure. I think this might be the b1.jcink problem mentioned somewhere though.

EG: In the mod CP, all the little images in the menu are unsecured:

CODE
http://b1.jcink.com/boardservice/html/sys-img/modcp/house.png
http://b1.jcink.com/boardservice/html/sys-img/modcp/hourglass.png
http://b1.jcink.com/boardservice/html/sys-img/modcp/flag_red.png
http://b1.jcink.com/boardservice/html/sys-img/modcp/script_edit.png
http://b1.jcink.com/boardservice/html/sys-img/modcp/delete.png
http://b1.jcink.com/boardservice/html/sys-img/modcp/user.png
http://b1.jcink.com/boardservice/html/sys-img/modcp/calculator_delete.png
http://b1.jcink.com/boardservice/html/sys-img/modcp/page_white_delete.png
http://b1.jcink.com/boardservice/html/sys-img/modcp/computer.png
http://b1.jcink.com/boardservice/html/sys-img/modcp/lock.png


In the default avatar:
CODE

http://files.b1.jcink.com/themes/default/users.png
http://files.b1.jcink.com/themes/default/posts.png
http://files.b1.jcink.com/themes/default/joined.png


I don't know if I can edit them but if you can I haven't found where.

For the ones I can edit, all the macros for the skin are not secure and when I try to change it, the images breaks.

EG: Changing
CODE
http://files.b1.jcink.com/themes/default/red-block.png

to
CODE
https://files.b1.jcink.com/themes/default/red-block.png

results in a broken image for me.

Once again, I haven't read through all the pages here. I just wanted to make sure you were aware.

This post has been edited by Chlocelot: Jun 28 2017, 05:06 PM
PM
#
b1.jcink.com is a legacy url so it is not equipped with https.

Anywhere you see files.b1.jcink.com substitute it directly for files.jcink.net and https will work.

Since you registered your board before March of this year, it doesn't have some the new default https based URLs that I setup with the default skin.

The Mod CP images have now been fixed though thanks for pointing that out Chlocelot I wasn't aware of that.

signature
email: admin@jcink.com :: blog: John C.
#
Oh okay, that's what I was missing. I also wanted to know one thing while I caught up through this conversation; this is all new to me and I know someone is going to ask.

I have a custom domain for my site. I know as of this moment they are not https supported because the logistics are still being worked through (I'm catching up). If I finish rigging the site to be https ready, so every page has a little green lock, and someone accesses it through the custom domain, are they still secure?

Or can I use mysite.com and if someone is worried about it just tell them to bookmark and use https://mysite.jcink.net?
PM
#
QUOTE
If I finish rigging the site to be https ready, so every page has a little green lock, and someone accesses it through the custom domain, are they still secure?


No. If they access https://yourdomain.ext/ they will receive a certificate error.

If they access http://yourdomain.ext the domain name will work normally, but the connection will (obviously) not be secure.

A temporary solution would be to use a URL redirect from your domain name to the jcink.net https version until we have domains figured out.

signature
email: admin@jcink.com :: blog: John C.
#
QUOTE (John @ Jun 29 2017, 12:24 AM)
QUOTE
If I finish rigging the site to be https ready, so every page has a little green lock, and someone accesses it through the custom domain, are they still secure?


No. If they access https://yourdomain.ext/ they will receive a certificate error.

If they access http://yourdomain.ext the domain name will work normally, but the connection will (obviously) not be secure.

A temporary solution would be to use a URL redirect from your domain name to the jcink.net https version until we have domains figured out.


Okay, I'll redirect through the https URL for my forum and make sure everything is ready to go for when custom domains can be supported. Thank you so much!

This post has been edited by Chlocelot: Jun 28 2017, 05:31 PM
PM
#
Yep. That is the best course of action.

Remember that using https content on http can't and won't hurt at all, it's only a good thing.

signature
email: admin@jcink.com :: blog: John C.
0 User(s) are reading this topic (0 Guests and 0 Anonymous Users)
0 Members:
Share this topic:
« Next Oldest | Development News | Next Newest »

OptionsPages: (5) « First ... 3 4 5  Add ReplyNew TopicNew Poll