Welcome, Guest. Please login or register.
March 28, 2024, 11:42:35 am

ballp.it is the community forum for The F Plus.

You're only seeing part of the forum conversation. To see more, register for an account. This will give you read-only access to nearly all the forums.

Topic: [REQUEST] Test the https connection  (Read 7006 times)

Lemon

  • Whatever happened to Freedom of Speech?
  • Administrator
  • ...IT'S NOW THE MASH!
  • 4,127
  • 421
[REQUEST] Test the https connection
Hi!

Okay, so we just finally got https running on ballp.it (your move, PornHub) and I'd like to turn it on for everybody by default, but I need to make sure I wouldn't break anything in the process.

The home page and login page are serving up fine (the biggest hurdle) -   a lot of the threads aren't going to show a green lock because a lot of threads load in images from other websites, and that's just the reality of the situation and that's fine. I'd like the green lock where possible, but I just want to make sure it doesn't actually break anywhere.

So, what I'd like a couple people to do if you've got a couple minutes: Change the URL to https://ballp.it and browse around. If you end up at http at any point, change that url to https:// and see if it still works.

If everything's hunky dory, I'll convert all existing http connections to https and we'll be feeling all super secure with our lives.

Zekka

  • I AM IN INTO MATHEMATICAL CALCULATIONS AND MANY METHODS USED IN THE STOCK MARKET
  • Paid
    • 872
    • 54
[REQUEST] Test the https connection #1
Hi!

Okay, so we just finally got https running on ballp.it (your move, PornHub) and I'd like to turn it on for everybody by default, but I need to make sure I wouldn't break anything in the process.

The home page and login page are serving up fine (the biggest hurdle) -   a lot of the threads aren't going to show a green lock because a lot of threads load in images from other websites, and that's just the reality of the situation and that's fine. I'd like the green lock where possible, but I just want to make sure it doesn't actually break anywhere.

So, what I'd like a couple people to do if you've got a couple minutes: Change the URL to https://ballp.it and browse around. If you end up at http at any point, change that url to https:// and see if it still works.

If everything's hunky dory, I'll convert all existing http connections to https and we'll be feeling all super secure with our lives.
Lemon, September 06, 2016, 11:09:46 am

Firefox says that pages still contain insecure content (such as images) -- are you hardcoding HTTP for static resources?

Lemon

  • Whatever happened to Freedom of Speech?
  • Administrator
  • ...IT'S NOW THE MASH!
  • 4,127
  • 421
[REQUEST] Test the https connection #2
Firefox says that pages still contain insecure content (such as images) -- are you hardcoding HTTP for static resources?
Zekka, September 06, 2016, 11:15:17 am

I don't think so, hence the testing. Again, the "insecure content (such as images)" warning is an inevitability - there's all sorts of threads with pictures from different URLs, as are quite a few avatars.

Zekka

  • I AM IN INTO MATHEMATICAL CALCULATIONS AND MANY METHODS USED IN THE STOCK MARKET
  • Paid
    • 872
    • 54
[REQUEST] Test the https connection #3
Firefox says that pages still contain insecure content (such as images) -- are you hardcoding HTTP for static resources?
Zekka, September 06, 2016, 11:15:17 am

I don't think so, hence the testing. Again, the "insecure content (such as images)" warning is an inevitability - there's all sorts of threads with pictures from different URLs, as are quite a few avatars.
Lemon, September 06, 2016, 11:19:04 am

Oh. Uh, I had assumed the lock only went yellow if the insecure resources were on the same server, but I think your version makes more sense.

Lemon

  • Whatever happened to Freedom of Speech?
  • Administrator
  • ...IT'S NOW THE MASH!
  • 4,127
  • 421
[REQUEST] Test the https connection #4
Oh. Uh, I had assumed the lock only went yellow if the insecure resources were on the same server, but I think your version makes more sense.
Zekka, September 06, 2016, 11:22:43 am

Both Chrome and Mozilla have changed their strategy for this a number of times this year. It used to be that if you had an https site which loaded something via http, you got this big red alert box that was like "HOLY SHIT THIS IS TOTALLY INSECURE", which made people like myself very to want to fuck with anything.

Now, if you have "mixed content", the icon is a piece of paper, the same thing you get if you go to a regular http site, which is much more reasonable.

EYE OF ZA

  • some people's reactions such as the fuck,the hell,wtf, or what the hell
  • Paid
  • I have a problem and then I have another problem
    • 2,572
    • 162
[REQUEST] Test the https connection #5
Android Chrome here, works fine.  Secure icon shows up unless I visit a thread with external images.
Lemon

Yavuz

  • Fave: Heavily Excessive Prekumquatxop
  • Paid
  • whats up you cem loving fuck
  • 1,788
  • 78
[REQUEST] Test the https connection #6
It seems to work fine on Chrome for Mac, although the bulb image appears to be loading through the http version of ballp.it.

ETA: I'm not sure that it is the bulbs. Here's the message from Chrome's inspector: "Mixed Content: The page at 'https://ballp.it/index.php?topic=2325.0' was loaded over HTTPS, but requested an insecure image 'http://ballp.it/index.php?%61ction=bulb;msg=62265;topic=1984'. This content should also be served over HTTPS."
« Last Edit: September 06, 2016, 12:21:21 pm by Yavuz Sultan Selim »

Lemon

  • Whatever happened to Freedom of Speech?
  • Administrator
  • ...IT'S NOW THE MASH!
  • 4,127
  • 421
[REQUEST] Test the https connection #7
You mean the bulb icon? That shouldn't be true. The bulb is inline svg, so it's pulling from another part on the page. The inline svg does have
xmlns="http://www.w3.org/2000/svg"
in the defintion, but unfortunately that's just the way it needs to be written.

Although now that you mention it, I think I might just stick all the svg into one external file, which I had wanted to to a long time ago. It'll improve page load for everyone while also breaking on every single version of IE (including IE11). Which might be okay.

Jack Sensation

  • A Pornhub Superbike
  • Paid
    • 82
    • 5
[REQUEST] Test the https connection #8


I'd seen everything there but the filled star wouldn't go away until I went to the non-HTTPS version of the site.

e: I puzzled it out, it's because I was the last poster there.
« Last Edit: September 06, 2016, 12:45:18 pm by Jack Sensation »

Zekka

  • I AM IN INTO MATHEMATICAL CALCULATIONS AND MANY METHODS USED IN THE STOCK MARKET
  • Paid
    • 872
    • 54
[REQUEST] Test the https connection #9
It seems to work fine on Chrome for Mac, although the bulb image appears to be loading through the http version of ballp.it.

ETA: I'm not sure that it is the bulbs. Here's the message from Chrome's inspector: "Mixed Content: The page at 'https://ballp.it/index.php?topic=2325.0' was loaded over HTTPS, but requested an insecure image 'http://ballp.it/index.php?%61ction=bulb;msg=62265;topic=1984'. This content should also be served over HTTPS."
Yavuz Sultan Selim, September 06, 2016, 12:17:05 pm

Oh, that's because I made my avatar a csrf attack as part of an earlier gimmick. It's not the real bulb icon.

Lemon

  • Whatever happened to Freedom of Speech?
  • Administrator
  • ...IT'S NOW THE MASH!
  • 4,127
  • 421
[REQUEST] Test the https connection #10
Testing seems to have gone well. All connections to ballp.it are now HTTPS.
chai tea latte Nifty Nif

Ashto

  • Paid
  • I don't even know anymore
    • 676
    • 43
[REQUEST] Test the https connection #11
Is there any chance this change would have affected the .css files for the  forum profiles? I don't recall there being so many <hr> tags before.

Edit: or the <li> tags next icons on other's profiles. Coincidentally, can't seem to change the post attachment once it's gone up, but that's a separate issue.
« Last Edit: September 10, 2016, 12:20:05 am by Ashto »

chai tea latte

  • TheftBot is, simply put, a fully sentient robot for stealing automatic teller machines
  • Paid
  • (ATMs) from nearby convenience stores.
  • 5,773
  • -420
[REQUEST] Test the https connection #12
Pretty sure that's a new design. I like it a bunch.

Lemon

  • Whatever happened to Freedom of Speech?
  • Administrator
  • ...IT'S NOW THE MASH!
  • 4,127
  • 421
[REQUEST] Test the https connection #13
Yeah, unrelated to the HTTPS I tweaked the design of the user profile page.

Thanks chai