Solved SSL Padlock on r4p3.net

Status
Not open for further replies.

ewenjo

That norwegian guy
Joined
Dec 14, 2016
Messages
91
Points
57
Location
Norway
It's because a recent profile post includes an unencrypted HTTP link which is shown on the front page. So the website is not "fully" encrypted because of this one file.
 

Alligatoras

Administrator
Joined
Mar 31, 2016
Messages
2,047
Points
341
Age
26
Location
Greece
Changed the link to contain "https". The issue has been solved.
Unfortunatetly, we can't do many things to prevent that, only change the links manually.
 

gajdi

New Member
Joined
Jul 4, 2018
Messages
1
Points
13
Age
28
Or you could set up an event listener on the client-side to check the post when the user submits to replace every occurrence of http:// to https://
The same can be done and necessary on the backend as well.
And you can always educate the users by informing them to use the proper protocol whenever they try to post http.
Although, some broken links will surely be present when someone tries to share some shitty old site.
 

bindik

VIP
Joined
May 10, 2016
Messages
40
Points
55
Age
39
Or you could set up an event listener on the client-side to check the post when the user submits to replace every occurrence of http:// to https://
The same can be done and necessary on the backend as well.
And you can always educate the users by informing them to use the proper protocol whenever they try to post http.
Although, some broken links will surely be present when someone tries to share some shitty old site.
What if the service doesnt have SSL certificate at that endpoint? Browser would just refuse the connection
 

Asphyxia

Server Monkey
Administrator
Joined
Apr 25, 2015
Messages
1,211
Points
252
Age
26
Location
North America
Browser would just refuse the connection
In the past, we only accepted imgur links and forced them to https. That worked quite well but the downside is everyone has to know to upload everything to Imgur unless we scraped image links, placed them to Imgur, then replaced image urls.
 

tagKnife

Well-Known Member
Joined
Oct 2, 2015
Messages
335
Points
106
Age
29
Just add
Code:
Content-Security-Policy: upgrade-insecure-requests; default-src https:
to the servers headers.
 
Last edited:
Status
Not open for further replies.

Top