AutoItScript Posted April 24, 2015 Share Posted April 24, 2015 I've moved all of my website, bug trackers, wiki, etc to full https (interesting watch: https://www.youtube.com/watch?v=cBhZ6S0PFCY&utm_source=wmx_blog&utm_medium=referral&utm_campaign=tls_en_post ). But I can't think of a sensible way to do it for my forum. Is anyone else running full https?The issue is that user generated content, like image links offsite are usually http - so you end up with mixed content warnings depending on your browser. Some don't class images as a major problem and only react by removing the padlock icon to indicate that although you are using https the page isn't entirely encrypted - that's sensible. Some browsers can give much nastier messages and popups.Any advice? Link to comment Share on other sites More sharing options...
不中用 Posted April 25, 2015 Share Posted April 25, 2015 .I'm running full HTTPS .. and yes .. if you start with HTTPS then you have to follow all outside links with HTTPS (that will display media on your site), no other choice .. or you get browser conflicts ..I'm not sure if there is an overwrite if someone post a link, let's say a youtube link in HTTP that it will change automatically to HTTPS .. it should be though .. edit: tried it to post a YouTube in HTTP and it changed automatically to HTTPS .. . Link to comment Share on other sites More sharing options...
DesignzShop Posted April 25, 2015 Share Posted April 25, 2015 I've moved all of my website, bug trackers, wiki, etc to full https (interesting watch: https://www.youtube.com/watch?v=cBhZ6S0PFCY&utm_source=wmx_blog&utm_medium=referral&utm_campaign=tls_en_post ). But I can't think of a sensible way to do it for my forum. Is anyone else running full https?The issue is that user generated content, like image links offsite are usually http - so you end up with mixed content warnings depending on your browser. Some don't class images as a major problem and only react by removing the padlock icon to indicate that although you are using https the page isn't entirely encrypted - that's sensible. Some browsers can give much nastier messages and popups.Any advice? Probably best to go http or only allow users to upload images that go into your sites images files and are safe. Some sites can't do this due to the nature of what's being posted and those sites need to consider staying http imo. Same thing with having someone post a external none http link in general. It will make that pages ssl cymbal show different in some browsers. Not sure writing something to check this is the answer. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.