Jump to content

Anyone running full https?


AutoItScript

Recommended Posts

I've moved all of my website, bug trackers, wiki, etc to full https (interesting watch: https://www.youtube.com/watch?v=cBhZ6S0PFCY&utm_source=wmx_blog&utm_medium=referral&utm_campaign=tls_en_post ). But I can't think of a sensible way to do it for my forum.  Is anyone else running full https?

The issue is that user generated content, like image links offsite are usually http - so you end up with mixed content warnings depending on your browser. Some don't class images as a major problem and only react by removing the padlock icon to indicate that although you are using https the page isn't entirely encrypted - that's sensible. Some browsers can give much nastier messages and popups.

Any advice?

 

Link to comment
Share on other sites

.

I'm running full HTTPS .. and yes .. if you start with HTTPS then you have to follow all outside links with HTTPS (that will display media on your site), no other choice .. or you get browser conflicts ..

I'm not sure if there is an overwrite if someone post a link, let's say a youtube link in HTTP that it will change automatically to HTTPS .. it should be though ..

 

edit: tried it to post a YouTube in HTTP and it changed automatically to HTTPS ..

 

.

Link to comment
Share on other sites

I've moved all of my website, bug trackers, wiki, etc to full https (interesting watch: https://www.youtube.com/watch?v=cBhZ6S0PFCY&utm_source=wmx_blog&utm_medium=referral&utm_campaign=tls_en_post ). But I can't think of a sensible way to do it for my forum.  Is anyone else running full https?

The issue is that user generated content, like image links offsite are usually http - so you end up with mixed content warnings depending on your browser. Some don't class images as a major problem and only react by removing the padlock icon to indicate that although you are using https the page isn't entirely encrypted - that's sensible. Some browsers can give much nastier messages and popups.

Any advice?

 

​Probably best to go http or only allow users to upload images that go into your sites images files and are safe. Some sites can't do this due to the nature of what's being posted and those sites need to consider staying http imo. Same thing with having someone post a external none http link in general. It will make that pages ssl cymbal show different in some browsers. Not sure writing something to check this is the answer.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...