SSL not fully secure

Discussion in 'Site Discussions & Suggestions' started by PokeAcer, Nov 7, 2015.

  1. PokeAcer

    PokeAcer Banned

    May 28, 2015
    United Kingdom
    Firefox complains on pages (not the create post one WEIRDLY) that some content (etc images) are not being sent via HTTPS, so it's not fully secure. If you're using scripts, may we have them changed to use HTTPS, and if images, may you use /<location too> like does so that http loads via http, https via https, etc..
  2. Cyan

    Cyan GBATemp's lurking knight

    Global Moderator
    Oct 27, 2002
    Engine room, learning
    the website is hosted on a secure server.
    The images (user's signature for example) are hosted on unsecured servers and linked/displayed here.

    Avatar should be safe. Gravatar is on secure website with SSL. GBAtemp's avatar are served on SSL too.
    But all other uploaded and linked elements are not (post a photo, post a signature, post a smiley from another website, etc.).

    replacing http to https is not enough to make it secure if the server doesn't have a SSL certificate to encrypt the hosted/linked picture.

    as an example :

    You are probably already using HTTPS on gbatemp, so now click on the top-right icon (the filetrip upload button on the user's bar)
    GBATemp is trying to replace all http to https (yes, it's already doing what you suggested), but filetrip does NOT have a SSL certificate resulting in a white screen because it can't serves it. (or firefox is blocking non secured website using https protocol, that's worse than using http because the served data doesn't match the requested one)
    Now use http on gbatemp, try the same link and it works.

    go to it will not work.
    adding "s" to the protocol doesn't make a website secure. at best it makes it the same, at worse it make it unbrowsable.
    PokeAcer and T-hug like this.