Jump to content

Anyone running full https?


AutoItScript
 Share

Recommended Posts

I've moved all of my website, bug trackers, wiki, etc to full https (interesting watch: https://www.youtube.com/watch?v=cBhZ6S0PFCY&utm_source=wmx_blog&utm_medium=referral&utm_campaign=tls_en_post ). But I can't think of a sensible way to do it for my forum.  Is anyone else running full https?

The issue is that user generated content, like image links offsite are usually http - so you end up with mixed content warnings depending on your browser. Some don't class images as a major problem and only react by removing the padlock icon to indicate that although you are using https the page isn't entirely encrypted - that's sensible. Some browsers can give much nastier messages and popups.

Any advice?

 

Link to comment
Share on other sites

.

I'm running full HTTPS .. and yes .. if you start with HTTPS then you have to follow all outside links with HTTPS (that will display media on your site), no other choice .. or you get browser conflicts ..

I'm not sure if there is an overwrite if someone post a link, let's say a youtube link in HTTP that it will change automatically to HTTPS .. it should be though ..

 

edit: tried it to post a YouTube in HTTP and it changed automatically to HTTPS ..

 

.

Edited by IN10TION
Link to comment
Share on other sites

I've moved all of my website, bug trackers, wiki, etc to full https (interesting watch: https://www.youtube.com/watch?v=cBhZ6S0PFCY&utm_source=wmx_blog&utm_medium=referral&utm_campaign=tls_en_post ). But I can't think of a sensible way to do it for my forum.  Is anyone else running full https?

The issue is that user generated content, like image links offsite are usually http - so you end up with mixed content warnings depending on your browser. Some don't class images as a major problem and only react by removing the padlock icon to indicate that although you are using https the page isn't entirely encrypted - that's sensible. Some browsers can give much nastier messages and popups.

Any advice?

 

​Probably best to go http or only allow users to upload images that go into your sites images files and are safe. Some sites can't do this due to the nature of what's being posted and those sites need to consider staying http imo. Same thing with having someone post a external none http link in general. It will make that pages ssl cymbal show different in some browsers. Not sure writing something to check this is the answer.

Link to comment
Share on other sites

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...