Go Back   vb.org Archive > vBulletin 4 Discussion > vB4 General Discussions
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools Display Modes
  #31  
Old 12-09-2014, 03:32 AM
CAG CheechDogg's Avatar
CAG CheechDogg CAG CheechDogg is offline
 
Join Date: Feb 2012
Location: Riverside, California USA
Posts: 1,080
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by AndrewSimm View Post
One thing to consider is images linked from other sites are going to cause mix content warnings for your users on some browsers. Until an image proxy is released for vbulletin I wouldn't recommend using SSL unless you have specific pages you want to use it on that users can't use BB code to attach images.
Yes, that is called mixed display content or mixed passive content and it's still allowed to load because so many sites still have this kind of content so google is not really "taxing" us for this ...

I have an ssl on my site and forums and http images load up just fine so using SSL is fine to use even if you have http images from other sites ...
Reply With Quote
  #32  
Old 12-09-2014, 05:41 AM
AndrewSimm AndrewSimm is offline
 
Join Date: Sep 2006
Location: Atlanta, GA
Posts: 222
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by CAG CheechDogg View Post
Yes, that is called mixed display content or mixed passive content and it's still allowed to load because so many sites still have this kind of content so google is not really "taxing" us for this ...

I have an ssl on my site and forums and http images load up just fine so using SSL is fine to use even if you have http images from other sites ...
Well it really depends. I have users that access my site from work and are forced to use IE. The popup messages is an concern to them so it becomes my problem. An image proxy is the only solution.
Reply With Quote
Благодарность от:
CAG CheechDogg
  #33  
Old 12-09-2014, 06:13 AM
CAG CheechDogg's Avatar
CAG CheechDogg CAG CheechDogg is offline
 
Join Date: Feb 2012
Location: Riverside, California USA
Posts: 1,080
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Oh I hear you on that ... but if you explain to your members why those popups are triggered then they will understand... believe me if my forum's members are concerned about something like this I make sure I explain to them in detail what "mixed content" is ..why google and chrome feel the need to warn us about it and the risks of allowing something to load up if its not https hosted ...

So far I haven't had any problems what soever ... The responsibility of owning and operating a forum and website is knowing how to communicate with you members and explaining to them the risks of using not just your site and forums but any out there ... and what to do to protect themselves from these threats ...

The fact that I take the time to explains stuff like this to them is why my site/forums has been so successful and why I decided to put my site/forums behind https ....

I launched my website/forums in 2008 and it has been behind https since then without problems ...

So yes, "our" member's concerns are also our concerns and problems ... totally agree !!!
Reply With Quote
  #34  
Old 12-09-2014, 07:28 PM
AndrewSimm AndrewSimm is offline
 
Join Date: Sep 2006
Location: Atlanta, GA
Posts: 222
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

The makeup of users that visit your site are likely a bit different than mine. Most of my users are sports nuts and the warning scares them. They aren't as tech savy as gamers and tend to me older. While I can explain it to them it doesn't look good with new users. When I can get a good image proxy I will put my forum behind SSL and enable SPDY.
Reply With Quote
  #35  
Old 12-09-2014, 07:34 PM
RichieBoy67's Avatar
RichieBoy67 RichieBoy67 is offline
 
Join Date: Apr 2004
Location: CT - Down in a hole..
Posts: 3,057
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

You can have an ssl certificate on your site to avoid the warnings without actually using the htps://.
Reply With Quote
Благодарность от:
CAG CheechDogg
  #36  
Old 12-09-2014, 07:45 PM
CAG CheechDogg's Avatar
CAG CheechDogg CAG CheechDogg is offline
 
Join Date: Feb 2012
Location: Riverside, California USA
Posts: 1,080
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

You can also select what directories or parts of your site are behind https and which are not ...

On my site I need some images hosted without https and I use the following in my htaccess

Code:
RewriteEngine On
RewriteCond %{HTTPS} on
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI}
You can do the very opposite of that as well ...
Reply With Quote
  #37  
Old 12-10-2014, 01:33 AM
AndrewSimm AndrewSimm is offline
 
Join Date: Sep 2006
Location: Atlanta, GA
Posts: 222
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by RichieBoy67 View Post
You can have an ssl certificate on your site to avoid the warnings without actually using the htps://.
What do you mean. If you load an image or script over http:// on a site that is loading via https you will get the warning. Different browsers may display this warning in different ways but you still get it.
Reply With Quote
  #38  
Old 12-10-2014, 01:44 AM
RichieBoy67's Avatar
RichieBoy67 RichieBoy67 is offline
 
Join Date: Apr 2004
Location: CT - Down in a hole..
Posts: 3,057
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

You can redirect all https: to http: and add both to the white list in your vbulletin options and you should not get those warnings.
Reply With Quote
  #39  
Old 12-10-2014, 01:52 AM
AndrewSimm AndrewSimm is offline
 
Join Date: Sep 2006
Location: Atlanta, GA
Posts: 222
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by RichieBoy67 View Post
You can redirect all https: to http: and add both to the white list in your vbulletin options and you should not get those warnings.
He wants the users to use https though.

--------------- Added [DATE]1418184496[/DATE] at [TIME]1418184496[/TIME] ---------------

This is what vbulletin needs.

https://xenforo.com/community/resour...ge-proxy.2747/

--------------- Added [DATE]1418189485[/DATE] at [TIME]1418189485[/TIME] ---------------

Here is what github did
https://github.com/blog/743-sidejack...proxied-assets

https://github.com/atmos/camo
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 08:11 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.09959 seconds
  • Memory Usage 2,258KB
  • Queries Executed 13 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (1)bbcode_code
  • (4)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (2)pagenav_pagelink
  • (9)post_thanks_box
  • (2)post_thanks_box_bit
  • (9)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (2)post_thanks_postbit
  • (9)post_thanks_postbit_info
  • (9)postbit
  • (9)postbit_onlinestatus
  • (9)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • fetch_musername
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • post_thanks_function_fetch_thanks_bit_start
  • post_thanks_function_show_thanks_date_start
  • post_thanks_function_show_thanks_date_end
  • post_thanks_function_fetch_thanks_bit_end
  • post_thanks_function_fetch_post_thanks_template_start
  • post_thanks_function_fetch_post_thanks_template_end
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete