Pages: (2) 1 2  ( Go to first unread post ) Add ReplyNew TopicNew Poll

 HTTPS Encrypted Browsing
#
Hey, just to clarify, a question:

So if DoHTML is enabled for posts, does every post containing a http-image have to be edited to https?

I'm talking about codes that use html, but whose css is externally linked, albeit the image is inserted in the post by html.

Thanks!
PM
#
QUOTE
So if DoHTML is enabled for posts, does every post containing a http-image have to be edited to https?

I'm talking about codes that use html, but whose css is externally linked, albeit the image is inserted in the post by html.


I tried to clarify that in this section:

https://jcink.com/main/wiki/https-encrypted...-posted_content

but it may have been confusing, sorry.

[img] bbcode tag, or <img> html tag inserted images served via http are OK.

Images inserted via css -- such as the background-image:url() property, will NOT even display over http, while on https.

This also goes for your own board's CSS.

The problem with this of course, is that as time goes, what is acceptable today may not be acceptable tomorrow. And could happen overnight. I realize it's really hard to force members to use https for all of their images as well, especially right now. I'm currently brainstorming ways to make this easier. Possibly automatically checking posted image URLs to see if https is supported on the host they're using, and then automatically replacing their link.

That's a problem though since the image hosts still have to get with the program of updating to https, too. Since we can't do this replacement if it doesn't exist.

ALSO. Externally linked CSS of any kind *must* be served over https, too.

signature
email: admin@jcink.com :: blog: John C.
#
Thanks for clarifying!

I asked, because the images on http are displayed (still), even though I'm on the https url. But I'll change them now to prevent future disaster http://files.b1.jcink.com/html/emoticons/wink.gif

This post has been edited by agenth: Mar 19 2017, 01:29 PM
PM
#
HTTPS "bugs" fixed http://files.b1.jcink.com/html/emoticons/smile.gif
  • Youtube videos in portal profiles weren't displaying, now being served over https.
  • "Insecure" lock icon on Admin CP's alternative skins. All are fixed now - css content being served over https
  • Arcade games not loading, was not served over https
  • Mobile Mode showing a broken lock icon, small image wasn't served over https
We have a lot of further work to do throughout the coming year, I'm sure, to identify things like this even though they are minor.

Let me know if while browsing the Admin CP, if you are not viewing your board index, macros, or similar page, the lock icon turns to a strike. The Admin CP, at the very least, should be 100% HTTPS at all times.

My plan is to force HTTPS on this forum sometime next month -- currently I'm forcing it on the website.

We will not be forcing HTTPS on user forums since that would be chaotic, but the default forum state for new registrations IS going to change. It's very bad that new forum users see "not secure" when they sign up.

signature
email: admin@jcink.com :: blog: John C.
2 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
1 Members: unfairest
Share this topic:
« Next Oldest | Development News | Next Newest »

OptionsPages: (2) 1 2  Add ReplyNew TopicNew Poll