Main Menu

HTTP(S) woes

Started by 12345ieee, March 11, 2017, 03:05:06 PM

Previous topic - Next topic

12345ieee

Browsers are getting more and more paranoid these days (and people less and less, but this is another story) about unsecure online logins.
In particular Firefox 52.0, fresh from beta, started complaining about the forum login form, that is under http.

While I don't really care about the password I use here, it'd be nice to silence it.
I see you have a valid certificate for knucklecracker.com, the forum sort of works in https at the moment, but you serve images via http, but I hope it is fixable before browsers get even more paranoid by default.

Sorrontis

I know it's trying to say something, but I just don't understand.
"If you want others to be happy, practice compassion. If you want to be happy, practice compassion."

12345ieee

I'm sorry, it's Saturday and I didn't feel like filling a IT-ticket-like report.

----------------------

Dear maintainer,

I've noticed the knucklecracker forum  ( knucklecracker.com/forums ) login form is using an insecure http connection.
This was already known to me, and not a great bother, but a recent version of the Firefox web browser (52.0, Linux) has started complaining about such insecure forms.

Please migrate to a secure (https) connection.

Thanks
12345ieee

--------------------

Better?

Johnny Haywire

Or you COULD say...

My dear maintainer bloke,
Your forum form is broke.
Firefox awoke
"Unsafe!" it spoke;
It did my angst provoke.

I mean, you don't HAVE to say that but you COULD. Just sayin'.


You disagree with this sentence, don't you?

Michionlion

I'm just going to come out of lurking to say good job on that, Johnny. Back to lurking...
"Remember kids, the only difference between science and messing around is writing it down."
                                                                                                                         - Adam Savage

My website
My CW1, and CW2 maps!

knucracker

Looks like SMF might be addressing some of these issues in the upcoming 2.0.14 version. You can come close by just accessing https://knucklecracker.com/forums.  But as you say, images are mixed content so in firefox you still get a little unlocked icon up at the top.  We'll see what 2.0.14 does once it is released.

Johnny Haywire

Quote from: Michionlion on March 12, 2017, 12:25:07 AM
I'm just going to come out of lurking to say good job on that, Johnny. Back to lurking...

Heh heh, thanks m8!  ;D
You disagree with this sentence, don't you?

Stickman

#7
Quote from: Johnny Haywire on March 11, 2017, 10:17:09 PM
Or you COULD say...

My dear maintainer bloke,
Your forum form is broke.
Firefox awoke
"Unsafe!" it spoke;
It did my angst provoke.

I mean, you don't HAVE to say that but you COULD. Just sayin'.

That feels like almost a limerick.

There was a fine fellow from Italy
Whose FireFox acted quite jittery
So he asked the admin
To put some security in
So he wouldn't browse forum so bitterly
=====> This is a moderately pointy stick. You need to poke me with it once in three days if you need PRPL from me

12345ieee

From now on I'm posting all my bug reports here and have them converted in poetry before submitting.

Quote from: virgilw on March 12, 2017, 11:55:31 AM
Looks like SMF might be addressing some of these issues in the upcoming 2.0.14 version. You can come close by just accessing https://knucklecracker.com/forums.  But as you say, images are mixed content so in firefox you still get a little unlocked icon up at the top.  We'll see what 2.0.14 does once it is released.

Thanks V, let's see.

12345ieee

SMF 2.0.14 has just been released: https://www.simplemachines.org/community/index.php?topic=553855.0

The changelog says 'Added HTTPS', so it should fix the reported problem.

Builder17

Forum logo and michelion's avatar are http in this topic, it seems