Skip to main content
Topic: Please use HTTPS (Read 1392 times) previous topic - next topic
0 Members and 1 Guest are viewing this topic.

Re: Please use HTTPS

Reply #30
Nah, it uses Telnet! :P

Re: Please use HTTPS

Reply #31
redirect has been enabled ;) Should be fixed within the next few minutes ...
It's not. The problem is related to elkarte.net vs www.elkarte.net. I don't know what the previous behavior was, but it must've been proper. I always type no-www and expect the site to 301 redirect if it wants to (and vice versa from www to no-www!). Anything else is bad website behavior.

1. I go to elkarte.net (not logged in).
2. I click login (link points to www.elkarte.net ?action=login).
3. I'm logged in on www.elkarte.net without being prompted for a password (as expected).

Of course you can replace 2 by just clicking on home or typing www.elkarte.net etc.

Re: Please use HTTPS

Reply #32
I noted one page is not fully secure as IchBin avatar url is on non https in here.
@Spuds regarding this, I updated the site with the pull request I sent https://github.com/Spuds/Elk_Image_Cache/pull/2 seems to work, but I'm not sure if I broke anything else... especially because I didn't check if the code here at elk.net was the same as the one in the repo... sorry, I realized only while writing this text and I have already closed the file, so undo is not an option anymore... :'(
 emanuele feels stupid.
Bugs creator.
Features destroyer.
Template killer.

Re: Please use HTTPS

Reply #33
I should be fine  :) I had updated the repo with the change I made for 1.1 final.  Cool work on the avatar update !
Squish squish. squish, squish, squish.
Find a bug,
Make a wish.

Re: Please use HTTPS

Reply #34
redirect has been enabled ;) Should be fixed within the next few minutes ...
It's not. The problem is related to elkarte.net vs www.elkarte.net. I don't know what the previous behavior was, but it must've been proper. I always type no-www and expect the site to 301 redirect if it wants to (and vice versa from www to no-www!). Anything else is bad website behavior.

1. I go to elkarte.net (not logged in).
2. I click login (link points to www.elkarte.net ?action=login).
3. I'm logged in on www.elkarte.net without being prompted for a password (as expected).

Of course you can replace 2 by just clicking on home or typing www.elkarte.net etc.
Should be fixed, I've added some code to our index.php (homepage).. Just posting it here so others could benefit from the solution..

Code: [Select]
if (substr($_SERVER['HTTP_HOST'], 0, 4) !== 'www.') {
    header('Location: https://www.'.$_SERVER['HTTP_HOST']);
    exit;
}

Thorsten "TE" Eurich
------------------------

Re: Please use HTTPS

Reply #35
Seems to work okay. Btw, it probably doesn't matter much if at all unless you have really high traffic but doing it on the server ought to be faster: http://www.yes-www.org/redirection/


Re: Please use HTTPS

Reply #37
Cool !
Squish squish. squish, squish, squish.
Find a bug,
Make a wish.

Re: Please use HTTPS

Reply #38
Quote
Server Type: nginx/1.2.1
That's quite an old version of nginx.


 

Re: Please use HTTPS

Reply #40
Yeah, so long it works without any serious vulnerabilities, it should be fine, I think.