Solved SSL Padlock on r4p3.net

Status
Not open for further replies.

Amin3Nator

Active Member
Sep 24, 2015
68
29
93
hi I think there is a problem with ur SSL Certification on the Home page of the forum

2056
 
E

ewenjo

It's because a recent profile post includes an unencrypted HTTP link which is shown on the front page. So the website is not "fully" encrypted because of this one file.
OutrageousKagu380.jpg
 

Alligatoras

Administrator
Mar 31, 2016
2,570
12
2,857
381
Changed the link to contain "https". The issue has been solved.
Unfortunatetly, we can't do many things to prevent that, only change the links manually.
 

gajdi

New Member
Jul 4, 2018
2
1
18
Or you could set up an event listener on the client-side to check the post when the user submits to replace every occurrence of http:// to https://
The same can be done and necessary on the backend as well.
And you can always educate the users by informing them to use the proper protocol whenever they try to post http.
Although, some broken links will surely be present when someone tries to share some shitty old site.
 

bindik

VIP
May 10, 2016
40
24
55
Or you could set up an event listener on the client-side to check the post when the user submits to replace every occurrence of http:// to https://
The same can be done and necessary on the backend as well.
And you can always educate the users by informing them to use the proper protocol whenever they try to post http.
Although, some broken links will surely be present when someone tries to share some shitty old site.
What if the service doesnt have SSL certificate at that endpoint? Browser would just refuse the connection
 

Asphyxia

Owner
Administrator
Apr 25, 2015
1,844
2
2,197
327
Browser would just refuse the connection
In the past, we only accepted imgur links and forced them to https. That worked quite well but the downside is everyone has to know to upload everything to Imgur unless we scraped image links, placed them to Imgur, then replaced image urls.
 

tagKnife

Well-Known Member
Oct 2, 2015
343
270
146
Just add
Code:
Content-Security-Policy: upgrade-insecure-requests; default-src https:
to the servers headers.
 
Last edited:
Status
Not open for further replies.
Top