vb.org Archive - Http to Https redirect

Page 4 of 4

« First

Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)

- vB4 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=251)

- - Http to Https redirect (https://vborg.vbsupport.ru/showthread.php?t=315884)

CAG CheechDogg

12-09-2014 03:32 AM

Quote:

Originally Posted by AndrewSimm (Post 2526397)

One thing to consider is images linked from other sites are going to cause mix content warnings for your users on some browsers. Until an image proxy is released for vbulletin I wouldn't recommend using SSL unless you have specific pages you want to use it on that users can't use BB code to attach images.

Yes, that is called mixed display content or mixed passive content and it's still allowed to load because so many sites still have this kind of content so google is not really "taxing" us for this ...

I have an ssl on my site and forums and http images load up just fine so using SSL is fine to use even if you have http images from other sites ...

AndrewSimm

12-09-2014 05:41 AM

Quote:

Originally Posted by CAG CheechDogg (Post 2526401)

Well it really depends. I have users that access my site from work and are forced to use IE. The popup messages is an concern to them so it becomes my problem. An image proxy is the only solution.

CAG CheechDogg

12-09-2014 06:13 AM

Oh I hear you on that ... but if you explain to your members why those popups are triggered then they will understand... believe me if my forum's members are concerned about something like this I make sure I explain to them in detail what "mixed content" is ..why google and chrome feel the need to warn us about it and the risks of allowing something to load up if its not https hosted ...

So far I haven't had any problems what soever ... The responsibility of owning and operating a forum and website is knowing how to communicate with you members and explaining to them the risks of using not just your site and forums but any out there ... and what to do to protect themselves from these threats ...

The fact that I take the time to explains stuff like this to them is why my site/forums has been so successful and why I decided to put my site/forums behind https ....

I launched my website/forums in 2008 and it has been behind https since then without problems ...

So yes, "our" member's concerns are also our concerns and problems ... totally agree !!!

AndrewSimm

12-09-2014 07:28 PM

The makeup of users that visit your site are likely a bit different than mine. Most of my users are sports nuts and the warning scares them. They aren't as tech savy as gamers and tend to me older. While I can explain it to them it doesn't look good with new users. When I can get a good image proxy I will put my forum behind SSL and enable SPDY.

RichieBoy67

12-09-2014 07:34 PM

You can have an ssl certificate on your site to avoid the warnings without actually using the htps://.

CAG CheechDogg

12-09-2014 07:45 PM

You can also select what directories or parts of your site are behind https and which are not ...

On my site I need some images hosted without https and I use the following in my htaccess

Code:

RewriteEngine On

RewriteCond %{HTTPS} on

RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI}

You can do the very opposite of that as well ...

AndrewSimm

12-10-2014 01:33 AM

Quote:

Originally Posted by RichieBoy67 (Post 2526504)

You can have an ssl certificate on your site to avoid the warnings without actually using the htps://.

What do you mean. If you load an image or script over http:// on a site that is loading via https you will get the warning. Different browsers may display this warning in different ways but you still get it.

RichieBoy67

12-10-2014 01:44 AM

You can redirect all https: to http: and add both to the white list in your vbulletin options and you should not get those warnings.

AndrewSimm

12-10-2014 01:52 AM

Quote:

Originally Posted by RichieBoy67 (Post 2526543)

You can redirect all https: to http: and add both to the white list in your vbulletin options and you should not get those warnings.

He wants the users to use https though.

--------------- Added [DATE]1418184496[/DATE] at [TIME]1418184496[/TIME] ---------------

This is what vbulletin needs.

https://xenforo.com/community/resour...ge-proxy.2747/

--------------- Added [DATE]1418189485[/DATE] at [TIME]1418189485[/TIME] ---------------

Here is what github did
https://github.com/blog/743-sidejack...proxied-assets

https://github.com/atmos/camo

All times are GMT. The time now is 07:29 PM.

Page 4 of 4

« First

Show 40 post(s) from this thread on one page

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.02466 seconds Memory Usage 1,740KB Queries Executed 10 (?)
More Information
Template Usage: (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (1)bbcode_code_printable (4)bbcode_quote_printable (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)pagenav (1)pagenav_curpage (2)pagenav_pagelink (1)post_thanks_navbar_search (1)printthread (9)printthreadbit (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit showthread	Included Files: ./printthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/class_bbcode_alt.php ./includes/class_bbcode.php ./includes/functions_bigthree.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete printthread_start pagenav_page pagenav_complete bbcode_fetch_tags bbcode_create bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete printthread_post printthread_complete
Messages: