Welcome, Guest. Please login or register.
November 14, 2018, 04:44:21 pm

ballp.it is the community forum for The F Plus.

You're only seeing part of the forum conversation. To see more, register for an account. This will give you read-only access to nearly all the forums.

Topic: [REQUEST] Test the https connection  (Read 2221 times)

Lemon

  • (I have no sex virus)
  • Administrator
  • Miss Priss, I'd like to piss on your coat.
  • 3,204
  • 375
[REQUEST] Test the https connection
« on: September 06, 2016, 11:09:46 am »
Hi!

Okay, so we just finally got https running on ballp.it (your move, PornHub) and I'd like to turn it on for everybody by default, but I need to make sure I wouldn't break anything in the process.

The home page and login page are serving up fine (the biggest hurdle) -   a lot of the threads aren't going to show a green lock because a lot of threads load in images from other websites, and that's just the reality of the situation and that's fine. I'd like the green lock where possible, but I just want to make sure it doesn't actually break anywhere.

So, what I'd like a couple people to do if you've got a couple minutes: Change the URL to https://ballp.it and browse around. If you end up at http at any point, change that url to https:// and see if it still works.

If everything's hunky dory, I'll convert all existing http connections to https and we'll be feeling all super secure with our lives.

Zekka

  • I AM IN INTO MATHEMATICAL CALCULATIONS AND MANY METHODS USED IN THE STOCK MARKET
  • Paid
    • 785
    • 56
[REQUEST] Test the https connection
« Reply #1 on: September 06, 2016, 11:15:17 am »
Hi!

Okay, so we just finally got https running on ballp.it (your move, PornHub) and I'd like to turn it on for everybody by default, but I need to make sure I wouldn't break anything in the process.

The home page and login page are serving up fine (the biggest hurdle) -   a lot of the threads aren't going to show a green lock because a lot of threads load in images from other websites, and that's just the reality of the situation and that's fine. I'd like the green lock where possible, but I just want to make sure it doesn't actually break anywhere.

So, what I'd like a couple people to do if you've got a couple minutes: Change the URL to https://ballp.it and browse around. If you end up at http at any point, change that url to https:// and see if it still works.

If everything's hunky dory, I'll convert all existing http connections to https and we'll be feeling all super secure with our lives.

Firefox says that pages still contain insecure content (such as images) -- are you hardcoding HTTP for static resources?

Lemon

  • (I have no sex virus)
  • Administrator
  • Miss Priss, I'd like to piss on your coat.
  • 3,204
  • 375
[REQUEST] Test the https connection
« Reply #2 on: September 06, 2016, 11:19:04 am »
Firefox says that pages still contain insecure content (such as images) -- are you hardcoding HTTP for static resources?

I don't think so, hence the testing. Again, the "insecure content (such as images)" warning is an inevitability - there's all sorts of threads with pictures from different URLs, as are quite a few avatars.

Zekka

  • I AM IN INTO MATHEMATICAL CALCULATIONS AND MANY METHODS USED IN THE STOCK MARKET
  • Paid
    • 785
    • 56
[REQUEST] Test the https connection
« Reply #3 on: September 06, 2016, 11:22:43 am »
Firefox says that pages still contain insecure content (such as images) -- are you hardcoding HTTP for static resources?

I don't think so, hence the testing. Again, the "insecure content (such as images)" warning is an inevitability - there's all sorts of threads with pictures from different URLs, as are quite a few avatars.

Oh. Uh, I had assumed the lock only went yellow if the insecure resources were on the same server, but I think your version makes more sense.

Lemon

  • (I have no sex virus)
  • Administrator
  • Miss Priss, I'd like to piss on your coat.
  • 3,204
  • 375
[REQUEST] Test the https connection
« Reply #4 on: September 06, 2016, 11:29:05 am »
Oh. Uh, I had assumed the lock only went yellow if the insecure resources were on the same server, but I think your version makes more sense.

Both Chrome and Mozilla have changed their strategy for this a number of times this year. It used to be that if you had an https site which loaded something via http, you got this big red alert box that was like "HOLY SHIT THIS IS TOTALLY INSECURE", which made people like myself very to want to fuck with anything.

Now, if you have "mixed content", the icon is a piece of paper, the same thing you get if you go to a regular http site, which is much more reasonable.

SATAN MILKSHAKE

  • some people's reactions such as the fuck,the hell,wtf, or what the hell
  • Paid
  • I have a problem and then I have another problem
    • 1,878
    • 144
[REQUEST] Test the https connection
« Reply #5 on: September 06, 2016, 11:40:17 am »
Android Chrome here, works fine.  Secure icon shows up unless I visit a thread with external images.
Lemon

Yavuz Sultan Selim

  • Fave: Heavily Excessive Prekumquatxop
  • Paid
  • whats up you cem loving fuck
  • 1,524
  • 64
[REQUEST] Test the https connection
« Reply #6 on: September 06, 2016, 12:17:05 pm »
It seems to work fine on Chrome for Mac, although the bulb image appears to be loading through the http version of ballp.it.

ETA: I'm not sure that it is the bulbs. Here's the message from Chrome's inspector: "Mixed Content: The page at 'https://ballp.it/index.php?topic=2325.0' was loaded over HTTPS, but requested an insecure image 'http://ballp.it/index.php?%61ction=bulb;msg=62265;topic=1984'. This content should also be served over HTTPS."
« Last Edit: September 06, 2016, 12:21:21 pm by Yavuz Sultan Selim »

Lemon

  • (I have no sex virus)
  • Administrator
  • Miss Priss, I'd like to piss on your coat.
  • 3,204
  • 375
[REQUEST] Test the https connection
« Reply #7 on: September 06, 2016, 12:23:29 pm »
You mean the bulb icon? That shouldn't be true. The bulb is inline svg, so it's pulling from another part on the page. The inline svg does have
Code: [Select]
xmlns="http://www.w3.org/2000/svg" in the defintion, but unfortunately that's just the way it needs to be written.

Although now that you mention it, I think I might just stick all the svg into one external file, which I had wanted to to a long time ago. It'll improve page load for everyone while also breaking on every single version of IE (including IE11). Which might be okay.

Jack Sensation

  • A Pornhub Superbike
  • Paid
    • 82
    • 5
[REQUEST] Test the https connection
« Reply #8 on: September 06, 2016, 12:32:06 pm »


I'd seen everything there but the filled star wouldn't go away until I went to the non-HTTPS version of the site.

e: I puzzled it out, it's because I was the last poster there.
« Last Edit: September 06, 2016, 12:45:18 pm by Jack Sensation »

Zekka

  • I AM IN INTO MATHEMATICAL CALCULATIONS AND MANY METHODS USED IN THE STOCK MARKET
  • Paid
    • 785
    • 56
[REQUEST] Test the https connection
« Reply #9 on: September 06, 2016, 01:41:26 pm »
It seems to work fine on Chrome for Mac, although the bulb image appears to be loading through the http version of ballp.it.

ETA: I'm not sure that it is the bulbs. Here's the message from Chrome's inspector: "Mixed Content: The page at 'https://ballp.it/index.php?topic=2325.0' was loaded over HTTPS, but requested an insecure image 'http://ballp.it/index.php?%61ction=bulb;msg=62265;topic=1984'. This content should also be served over HTTPS."

Oh, that's because I made my avatar a csrf attack as part of an earlier gimmick. It's not the real bulb icon.

Lemon

  • (I have no sex virus)
  • Administrator
  • Miss Priss, I'd like to piss on your coat.
  • 3,204
  • 375
[REQUEST] Test the https connection
« Reply #10 on: September 08, 2016, 11:54:42 am »
Testing seems to have gone well. All connections to ballp.it are now HTTPS.
Ambious chai tea latte Nifty Nif

Ashto

  • Paid
    • 557
    • 39
[REQUEST] Test the https connection
« Reply #11 on: September 10, 2016, 12:06:03 am »
Is there any chance this change would have affected the .css files for the  forum profiles? I don't recall there being so many <hr> tags before.

Edit: or the <li> tags next icons on other's profiles. Coincidentally, can't seem to change the post attachment once it's gone up, but that's a separate issue.
« Last Edit: September 10, 2016, 12:20:05 am by Ashto »

chai tea latte

  • Paid
  • it's ironic
  • 3,842
  • -420
[REQUEST] Test the https connection
« Reply #12 on: September 10, 2016, 12:10:14 am »
Pretty sure that's a new design. I like it a bunch.

Lemon

  • (I have no sex virus)
  • Administrator
  • Miss Priss, I'd like to piss on your coat.
  • 3,204
  • 375
[REQUEST] Test the https connection
« Reply #13 on: September 10, 2016, 12:29:14 am »
Yeah, unrelated to the HTTPS I tweaked the design of the user profile page.

Thanks chai