Website not secured?

Ask a question or request a feature related to the website or forum...

Moderator: scott

User avatar
TGM
Enthusiast
Enthusiast
Posts: 234
Joined: Tue Jul 02, 2013 7:39 pm
Location: Florida, USA

Post by TGM »

scott wrote:I made a change so now https:// is the default.
Thanks,
Scott
While you did that, until all your internal links go to https sources, the browser will always call the site insecure, regardless of the SSL cert. Any image that is loaded via http will also cause the site to go insecure.

For example, I just looked at your source. Things like this will kill the lock:

<LINK REL="SHORTCUT ICON" HREF="http://www.besslerwheel.com/favicon.ico">

All references should be https.

Additionally, you can also add code in the htaccess file in your webserver directory to detect and force https for those requests coming in on http.
"Orffyreus commented that when the secret is revealed, he is afraid that people will complain that the idea is so simple it is not worth the asking price."
User avatar
agor95
Addict
Addict
Posts: 7724
Joined: Wed Sep 24, 2008 8:09 pm
Location: Earth Orbit
Contact:

re: Website not secured?

Post by agor95 »

Thank you Scott for your work on this tricky subject.

The act of redirecting web requests to https:// and re-writing links to the sames is an issue others have suffered.

There are other after this one unfortunately.

regards.
[MP] Mobiles that perpetuate - external energy allowed
User avatar
scott
Site Admin
Site Admin
Posts: 1409
Joined: Tue Nov 04, 2003 7:05 am
Location: Colorado
Contact:

Post by scott »

TGM wrote:While you did that, until all your internal links go to https sources, the browser will always call the site insecure, regardless of the SSL cert. Any image that is loaded via http will also cause the site to go insecure.

For example, I just looked at your source. Things like this will kill the lock:

<LINK REL="SHORTCUT ICON" HREF="http://www.besslerwheel.com/favicon.ico">
While you are correct, when I click around on the site, the https:// stays active, and I think it only really matters on the login page anyway, so I am probably going to leave it as it.

Thanks,
Scott
Thanks for visiting BesslerWheel.com

"Liberty is the Mother, not the Daughter of Order."
- Pierre Proudhon, 1881

"To forbid us anything is to make us have a mind for it."
- Michel de Montaigne, 1559

"So easy it seemed, once found, which yet unfound most would have thought impossible!"
- John Milton, 1667
User avatar
TGM
Enthusiast
Enthusiast
Posts: 234
Joined: Tue Jul 02, 2013 7:39 pm
Location: Florida, USA

Post by TGM »

scott wrote:
TGM wrote:While you did that, until all your internal links go to https sources, the browser will always call the site insecure, regardless of the SSL cert. Any image that is loaded via http will also cause the site to go insecure.

For example, I just looked at your source. Things like this will kill the lock:

<LINK REL="SHORTCUT ICON" HREF="http://www.besslerwheel.com/favicon.ico">
While you are correct, when I click around on the site, the https:// stays active, and I think it only really matters on the login page anyway, so I am probably going to leave it as it.

Thanks,
Scott

Suit yourself. Eventually, browsers like Chrome will simply turn off access to those sites not fully https compliant. Just a heads up.
"Orffyreus commented that when the secret is revealed, he is afraid that people will complain that the idea is so simple it is not worth the asking price."
User avatar
scott
Site Admin
Site Admin
Posts: 1409
Joined: Tue Nov 04, 2003 7:05 am
Location: Colorado
Contact:

re: Website not secured?

Post by scott »

TGM wrote:Eventually, browsers like Chrome will simply turn off access to those sites not fully https compliant. Just a heads up.
That is not true. No browser will ever block non-SSL sites. They will just show a warning. And the login page is now SSL enabled by default. That is the only page that matters on this website.
Thanks for visiting BesslerWheel.com

"Liberty is the Mother, not the Daughter of Order."
- Pierre Proudhon, 1881

"To forbid us anything is to make us have a mind for it."
- Michel de Montaigne, 1559

"So easy it seemed, once found, which yet unfound most would have thought impossible!"
- John Milton, 1667
Post Reply