Converting to https - Page 2

Undertoad · 12-27-2016, 10:09 PM

No well it's not enforced yet, but will be soon cos it's not truly secure until then. Still working out the first set of issues.

xoxoxoBruce · 12-27-2016, 11:07 PM

Everything seems to be working for me, and considerably faster too.

glatt · 12-28-2016, 07:41 AM

this is kelp
Name: kelp.jpg
Views: 398
Size: 40.5 KB

glatt · 12-28-2016, 07:42 AM

Works for me in firefox

limey · 12-28-2016, 08:26 AM

Works OK for me in Forefox, too ...

Undertoad · 12-28-2016, 02:43 PM

There are still a few lingering items going on... working on it.

Ugh, I did not expect this to be such a problem...

Undertoad · 12-28-2016, 02:49 PM

Yeah. The actual issue is that the site was built depending on Yahoo! code, loaded from Yahoo!, that is delivered INSECURELY and so all Javascript is broken in the https version of our site.

Working on it...

glatt · 12-28-2016, 03:01 PM

Thanks for your work!

Undertoad · 12-28-2016, 03:10 PM

My pleasure sir!

And just like that, a little research says you can obtain the same Javascirpt libraries from Google instead of Yahoo!. We are now getting those from Google over SSL, which means they are secure too.

(But a little... slower? Hmmm is it just me?)

This appears to have been one of the final steps in getting the "lock" symbol to show up when you browse the site with https. Which is a goal of all this.

In another day or two, if everything works, I'll figure out how to redirect all http requests to https.

Undertoad · 12-28-2016, 03:18 PM

The lock symbol is broken right now on any page where requests are made for attachments, or images with http instead of https. So if an https page includes a call for http... it's not secure. Makes sense.

I just add this running commentary in case this is interesting for folks

glatt · 12-28-2016, 03:21 PM

So I posted two smilies this morning from my laptop using Firefox and they worked. But now on tapatalk, I only see one of them worked.

Gravdigr · 12-28-2016, 03:25 PM

Quote:

Originally Posted by Undertoad

I just add this running commentary in case this is interesting for folks

It is very interesting. And thank you, Toad, for the effort that goes into Teh Cellar.

Flint · 12-28-2016, 03:57 PM

Yes, it is interesting.
Thank you for the work and the commentary.

ETA: I'm getting the green hair thing, too.

Undertoad · 12-28-2016, 04:02 PM

It's pretty easy to see what's causing security problems on a page, using Chrome.

You hit F12 and the Developers Console comes up. If you use Chrome and accidentally have hit F12, you have seen this thing. If you've ever developed in CSS or Javascript, you already know.

The Security tab tells you exactly why the page is considered non-secure.

~

Changing ALL hotlinked images is going to be a drag, or at least, a dangerous thing. I'm not sure it can even be done. There's no global search and replace in the forum software. Each one of those images is linked with an insecure permanent BBCODE bit of text. The change has to happen at database level and it has the potential to break things.

xoxoxoBruce · 12-28-2016, 04:08 PM

Quote:

Originally Posted by glatt

So I posted two smilies this morning from my laptop using Firefox and they worked. But now on tapatalk, I only see one of them worked.

They are both there, you just can't see them on tapatalk.

12-27-2016, 11:07 PM	#17
xoxoxoBruce The future is unwritten Join Date: Oct 2002 Posts: 71,105	Everything seems to be working for me, and considerably faster too. __________________ The descent of man ~ Nixon, Friedman, Reagan, Trump.

12-28-2016, 08:26 AM	#20
limey Encroaching on your decrees Join Date: Feb 2004 Location: An island within the south-west coast of Scotland Posts: 7,016	Works OK for me in Forefox, too ... Attached Images __________________ Living it up on the edge ... of civilisation, within the southwest coast of

12-28-2016, 03:57 PM	#28
Flint Snowflake Join Date: Mar 2006 Location: Dystopia Posts: 13,136	Yes, it is interesting. Thank you for the work and the commentary. ETA: I'm getting the green hair thing, too. __________________ **************** There's a level of facility that everyone needs to accomplish, and from there it's a matter of deciding for yourself how important ultra-facility is to your expression. ... I found, like Joseph Campbell said, if you just follow whatever gives you a little joy or excitement or awe, then you're on the right track. . . . . . . . . . . . . . . . . . . . . . . . . . . Terry Bozzio**

12-27-2016, 10:09 PM	#16
Undertoad Radical Centrist Join Date: Jan 2001 Location: Cottage of Prussia Posts: 31,423	No well it's not enforced yet, but will be soon cos it's not truly secure until then. Still working out the first set of issues.

12-28-2016, 07:41 AM	#18
glatt ™ Join Date: Jul 2003 Location: Arlington, VA Posts: 27,717	this is kelp

12-28-2016, 07:42 AM	#19
glatt ™ Join Date: Jul 2003 Location: Arlington, VA Posts: 27,717	Works for me in firefox

12-28-2016, 02:43 PM	#21
Undertoad Radical Centrist Join Date: Jan 2001 Location: Cottage of Prussia Posts: 31,423	There are still a few lingering items going on... working on it. Ugh, I did not expect this to be such a problem...

12-28-2016, 02:49 PM	#22
Undertoad Radical Centrist Join Date: Jan 2001 Location: Cottage of Prussia Posts: 31,423	Yeah. The actual issue is that the site was built depending on Yahoo! code, loaded from Yahoo!, that is delivered INSECURELY and so all Javascript is broken in the https version of our site. Working on it...

12-28-2016, 03:01 PM	#23
glatt ™ Join Date: Jul 2003 Location: Arlington, VA Posts: 27,717	Thanks for your work!

12-28-2016, 03:10 PM	#24
Undertoad Radical Centrist Join Date: Jan 2001 Location: Cottage of Prussia Posts: 31,423	My pleasure sir! And just like that, a little research says you can obtain the same Javascirpt libraries from Google instead of Yahoo!. We are now getting those from Google over SSL, which means they are secure too. (But a little... slower? Hmmm is it just me?) This appears to have been one of the final steps in getting the "lock" symbol to show up when you browse the site with https. Which is a goal of all this. In another day or two, if everything works, I'll figure out how to redirect all http requests to https.

12-28-2016, 03:18 PM	#25
Undertoad Radical Centrist Join Date: Jan 2001 Location: Cottage of Prussia Posts: 31,423	The lock symbol is broken right now on any page where requests are made for attachments, or images with http instead of https. So if an https page includes a call for http... it's not secure. Makes sense. I just add this running commentary in case this is interesting for folks

12-28-2016, 03:21 PM	#26
glatt ™ Join Date: Jul 2003 Location: Arlington, VA Posts: 27,717	So I posted two smilies this morning from my laptop using Firefox and they worked. But now on tapatalk, I only see one of them worked.

12-28-2016, 04:02 PM	#29
Undertoad Radical Centrist Join Date: Jan 2001 Location: Cottage of Prussia Posts: 31,423	It's pretty easy to see what's causing security problems on a page, using Chrome. You hit F12 and the Developers Console comes up. If you use Chrome and accidentally have hit F12, you have seen this thing. If you've ever developed in CSS or Javascript, you already know. The Security tab tells you exactly why the page is considered non-secure. ~ Changing ALL hotlinked images is going to be a drag, or at least, a dangerous thing. I'm not sure it can even be done. There's no global search and replace in the forum software. Each one of those images is linked with an insecure permanent BBCODE bit of text. The change has to happen at database level and it has the potential to break things.

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)