Jump to content

moving to ssl certification : what changes we need to do?


Saurabh Jain

Recommended Posts

1 - Once you've got your certificate installed at your host, you will likely want to edit your .htaccess (or local equivalent) to do the redirection. With Apache mod_rewrite that might be something like:

RewriteCond %{ENV:HTTPS} !on [NC]
RewriteRule ^(.*)$ https://your.site.here/$1 [R,L]

2 - If you allow external images, you will probably want to enable the "Serve images from local server" option in the ACP.

3 - Check conf_global.php for any lines that reference the old http protocol and update them to https. 

4 - If you are using a non-standard SSL port (e.g. not 443) you need to add this line to constants.php

define( 'SSL_PORT', Your weird port here );

5 - Make sure you are using the correct https URLs for things like Facebook, Google, etc. when they embed content into your site. This should be automatic, but keep an eye on it.

 

That should be everything - Invision's software should detect that it is being served over an HTTPS connection and adjust accordingly.

Link to comment
Share on other sites

  • 2 weeks later...

This is mine (work fine with ipb - http is only in images, necessary for preview when u add image from URL, but immediately fixed by internalproxy when u save) :)

Quote

# Content-Security-Policy:
Header set Content-Security-Policy "default-src https:; connect-src https:; font-src https: data:; frame-src https: data:; img-src https: http: data:; media-src https: data:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:;"

 

Link to comment
Share on other sites

  • 4 months later...
On 15.01.2016 г. at 7:18 PM, laltroweb.it said:

This is mine (work fine with ipb - http is only in images, necessary for preview when u add image from URL, but immediately fixed by internalproxy when u save) ^_^

 

frame-src https: data:;  -> in validation test is recommended to be replaced with child-src ...

style-src 'unsafe-inline' https:; -> no longer used and should be removed.

 

Link to comment
Share on other sites

i've just changed some time ago with ^_^

Content-Security-Policy: default-src https:; connect-src https:; font-src https: data:; child-src https: data:; img-src https: http: data: blob:; media-src https: data:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:;

but i cannot found more info for style-src :|

 

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...