Nashy Posted October 3, 2016 Share Posted October 3, 2016 On 9/25/2016 at 10:45 PM, DaveLegg said: You could load it via https previously, but now if you hit the news side of things on http, it will automatically redirect you to https. We'll be doing the same for the forums once we figure out what to do about all the embedded images in posts that use http rather than https to avoid users getting mixed-content warnings on every page Can you report how you guys end up sorting it out? I have the same issue on my board, and it drives me insane. Link to comment Share on other sites More sharing options...
Steven P. Administrators Posted October 4, 2016 Author Administrators Share Posted October 4, 2016 8 hours ago, Nashy said: Can you report how you guys end up sorting it out? I have the same issue on my board, and it drives me insane. Further back in this topic a member linked to a HTTPS proxy add-on for IPB, this is what we used. Nashy and Draconian Guppy 2 Share Link to comment Share on other sites More sharing options...
tiagosilva29 Posted October 12, 2016 Share Posted October 12, 2016 https://observatory.mozilla.org/analyze.html?host=www.neowin.net Link to comment Share on other sites More sharing options...
DaveLegg Developer Posted October 12, 2016 Developer Share Posted October 12, 2016 53 minutes ago, tiagosilva29 said: https://observatory.mozilla.org/analyze.html?host=www.neowin.net https://www.ssllabs.com/ssltest/analyze.html?d=www.neowin.net Link to comment Share on other sites More sharing options...
tiagosilva29 Posted October 13, 2016 Share Posted October 13, 2016 The Observatory lists Qualys' test as a third-party scan. Just wanted to let you know of your score, devs. Link to comment Share on other sites More sharing options...
Jason S. Global Moderator Posted October 14, 2016 Global Moderator Share Posted October 14, 2016 DaveLegg - are you familiar w/ HSTS? i was not until last week. we're implementing it now on our websites here at work. the long and short of it is HSTS forces a website to remain on https after the 1st https connection is made. Say, you login to Neowin using https, then every other connection on the site will be forced to use https thereafter. Danielx64 1 Share Link to comment Share on other sites More sharing options...
DaveLegg Developer Posted October 14, 2016 Developer Share Posted October 14, 2016 3 hours ago, Jason S. said: DaveLegg - are you familiar w/ HSTS? i was not until last week. we're implementing it now on our websites here at work. the long and short of it is HSTS forces a website to remain on https after the 1st https connection is made. Say, you login to Neowin using https, then every other connection on the site will be forced to use https thereafter. So familiar in fact, that it's already deployed on Neowin Marshalus, Danielx64 and +Kyle 3 Share Link to comment Share on other sites More sharing options...
Boo Berry Posted November 4, 2016 Share Posted November 4, 2016 (edited) On 10/1/2016 at 11:39 AM, Boo Berry said: Main forum index. @DaveLegg there's another one on the main forum index. http://pbs.twimg.com/profile_images/1026745769/7d801ed2-a542-4435-9e46-ced408c6b66d_normal.png And there's one in this topic: https://www.neowin.net/signatures/33232.png It ends in a 404, so it's a dead link but it still pops up with a mixed content warning in Chrome. Link to comment Share on other sites More sharing options...
Recommended Posts