Hi!
Okay, so we just finally got https running on ballp.it (your move, PornHub) and I'd like to turn it on for everybody by default, but I need to make sure I wouldn't break anything in the process.
The home page and login page are serving up fine (the biggest hurdle) - a lot of the threads aren't going to show a green lock because a lot of threads load in images from other websites, and that's just the reality of the situation and that's fine. I'd like the green lock where possible, but I just want to make sure it doesn't actually break anywhere.
So, what I'd like a couple people to do if you've got a couple minutes: Change the URL to https://ballp.it and browse around. If you end up at http at any point, change that url to https:// and see if it still works.
If everything's hunky dory, I'll convert all existing http connections to https and we'll be feeling all super secure with our lives.
Lemon, September 06, 2016, 11:09:46 am
Firefox says that pages still contain insecure content (such as images) -- are you hardcoding HTTP for static resources?
Zekka, September 06, 2016, 11:15:17 am
Firefox says that pages still contain insecure content (such as images) -- are you hardcoding HTTP for static resources?
Zekka, September 06, 2016, 11:15:17 am
I don't think so, hence the testing. Again, the "insecure content (such as images)" warning is an inevitability - there's all sorts of threads with pictures from different URLs, as are quite a few avatars.
Lemon, September 06, 2016, 11:19:04 am
Oh. Uh, I had assumed the lock only went yellow if the insecure resources were on the same server, but I think your version makes more sense.
Zekka, September 06, 2016, 11:22:43 am
xmlns="http://www.w3.org/2000/svg"
It seems to work fine on Chrome for Mac, although the bulb image appears to be loading through the http version of ballp.it.
ETA: I'm not sure that it is the bulbs. Here's the message from Chrome's inspector: "Mixed Content: The page at 'https://ballp.it/index.php?topic=2325.0' was loaded over HTTPS, but requested an insecure image 'http://ballp.it/index.php?%61ction=bulb;msg=62265;topic=1984'. This content should also be served over HTTPS."
Yavuz Sultan Selim, September 06, 2016, 12:17:05 pm