Make these ads go away.
+ Reply to Thread
Results 1 to 10 of 10

Thread: home page over https

  1. #1
    Senior Member
    is poking the sun
     
    I am:
    ----
     
    yaaarrrgg's Avatar
    Join Date
    Dec 2007
    Posts
    1,249
    Local Date
    11-19-2018
    Local Time
    11:54 AM
    Points
    820

    home page over https

    Anyone notice that the home page is broken over https://? For example:

    https://www.forumgarden.com/

    The problem are these lines:

    <script type="text/javascript" src="http://yui.yahooapis.com/2.7.0/build/yuiloader-dom-event/yuiloader-dom-event.js?v=404"></script>
    <script type="text/javascript" src="http://yui.yahooapis.com/2.7.0/build/connection/connection-min.js?v=404"></script>

    It doesn't look like yahooapis serves these over https, so they will be blocked if not. To fix, the scripts probably could to be downloaded to a local folder, and served directly from the forum site through https.

    I also notice the site is hopping between http and https. This can cause session and login issues since, cookies won't be shared across the two protocols. I'd recommend serving everything through https only.

  2. #2
    Senior Member
    This user has no status.
     
    I am:
    Cool
     

    Join Date
    Nov 2009
    Location
    Northeast
    Posts
    9,605
    Local Date
    11-19-2018
    Local Time
    12:54 PM
    Points
    30,410
    Gifts Kitten

    Re: home page over https

    Would that fix these login and refreshing issues?
    “Those who can make you believe absurdities can make you commit atrocities,”
    Voltaire

  3. #3
    Senior Member
    is poking the sun
     
    I am:
    ----
     
    yaaarrrgg's Avatar
    Join Date
    Dec 2007
    Posts
    1,249
    Local Date
    11-19-2018
    Local Time
    11:54 AM
    Points
    820

    Re: home page over https

    Yeah, it might help. There could be more than one issue too.

    I did just check the login URL and it is on https (which is correct). So that much looks good.

    Mixing http and https can easily cause session issues. From the perspective of the browser, http and https are two completely separate websites. The safest route is to run everything on https, then only use http to redirect straight to the https url.

  4. #4
    Senior Member
    This user has no status.
     
    I am:
    Cool
     

    Join Date
    Nov 2009
    Location
    Northeast
    Posts
    9,605
    Local Date
    11-19-2018
    Local Time
    12:54 PM
    Points
    30,410
    Gifts Kitten

    Re: home page over https

    Are SSL certificates worth it?
    “Those who can make you believe absurdities can make you commit atrocities,”
    Voltaire

  5. #5
    Senior Member
    is poking the sun
     
    I am:
    ----
     
    yaaarrrgg's Avatar
    Join Date
    Dec 2007
    Posts
    1,249
    Local Date
    11-19-2018
    Local Time
    11:54 AM
    Points
    820

    Re: home page over https

    Yeah, overall they are good.

    On the practical level, there's probably little risk of running this forum without a cert. Since there's little or no sensitive data ever posted on the site (no one posts credit card or financial information).

    Though longer term, browsers and search engines are starting to penalize sites if they don't have a cert. Everything is moving towards https, as a standard. Chrome is going to start displaying warnings on sites without it.

  6. #6
    Senior Member
    is poking the sun
     
    I am:
    ----
     
    yaaarrrgg's Avatar
    Join Date
    Dec 2007
    Posts
    1,249
    Local Date
    11-19-2018
    Local Time
    11:54 AM
    Points
    820

    Re: home page over https

    Yeah I just ran into a login issue. The http:// and https:// mismatch is what's causing the login/session issue.

    The cookie is saved under the https url, then the "home" link routes back to the http url. These are two different sites as far as the browser is concerned. So the cookie is ignored, and the session is lost on http. The whole site needs to be either all http or all https, but it should not mix the two protocols.

  7. #7
    Senior Member
    This user has no status.
     
    I am:
    Cool
     

    Join Date
    Nov 2009
    Location
    Northeast
    Posts
    9,605
    Local Date
    11-19-2018
    Local Time
    12:54 PM
    Points
    30,410
    Gifts Kitten

    Re: home page over https

    Perhaps spot or Bryn will have occasion to stop by and fix the issue now that it's been diagnosed.
    “Those who can make you believe absurdities can make you commit atrocities,”
    Voltaire

  8. #8
    Senior Member
    is .
     
    I am:
    Happy
     
    Bryn Mawr's Avatar
    Join Date
    Feb 2006
    Location
    London
    Posts
    15,320
    Local Date
    11-19-2018
    Local Time
    05:54 PM
    Points
    23,264
    Gifts Balloons Car Gift Naughty Mag Certificate Beer Beer

    Re: home page over https

    Quote Originally Posted by Ahso! View Post
    Perhaps spot or Bryn will have occasion to stop by and fix the issue now that it's been diagnosed.
    I'd love to but ... I'll have a word with Spot and see if he can do the honours :-) BTW, thanks for taking the time to look into it

  9. #9
    Zero mod strikes. HAH!!!
    This user has no status.
     
    I am:
    Crazy
     
    YZGI's Avatar
    Join Date
    Apr 2006
    Location
    Middle America
    Posts
    11,495
    Local Date
    11-19-2018
    Local Time
    11:54 AM
    Points
    6,181
    Gifts Beer Naughty Mag Beer

    Re: home page over https

    I can't seem to figure out how to post pics anymore. I click on manage attachments and nothing happens..

  10. #10
    Supporting Member
    is risen
     
    I am:
    Happy
     
    spot's Avatar
    Join Date
    Apr 2005
    Location
    Brigstow
    Posts
    34,462
    Local Date
    11-19-2018
    Local Time
    05:54 PM
    Points
    55,139
    Gifts Heart Car Beer Beer Burger Cake Ban Hammer Beer

    Re: home page over https

    Register to remove this ad.
    Quote Originally Posted by yaaarrrgg View Post
    The problem are these lines:

    <script type="text/javascript" src="http://yui.yahooapis.com/2.7.0/build/yuiloader-dom-event/yuiloader-dom-event.js?v=404"></script>
    <script type="text/javascript" src="http://yui.yahooapis.com/2.7.0/build/connection/connection-min.js?v=404"></script>
    I'm back in England. I was away, I'm now back.

    I'll take a week to plan a migration, I do know we have a collection of issues which have to be cleaned up and a fresh server with a current version of vBulletin is what's needed. I've tried three times, though not recently, to migrate, and failed on details. I have my notes, I've a far better idea of what's needed, and I now have enough time to push it to completion.

    I'll try to post enough information to show what's coming up and when it will cause disruption, it's definitely going to take the site offline for a day eventually.
    Nullius in verba|||||||||||
    Who has a spare two minutes to play in this month's FG Trivia game!

    The watch of your vision has become reasonable today.

    It’s normal. You must provoke. You must insult the belief of all monotheists. You must make fun of the belief of all monotheists.
    From the upper tier of the Leppings Lane End of the Hillsborough Stadium, I watched the events of that day unfold with horror.
    When the flowers want to oxygen and nutrition, or you’re a wedding or party planner, I will help you too much.
    Write that word in the blood

+ Reply to Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts

Search Engine Optimization by vBSEO 3.5.2