Jan-10-2017, 08:35 PM
It must be because i clicked to load unsafe scripts at this point
But then i have to ask what is this trying to load that makes it unsecure.
But then i have to ask what is this trying to load that makes it unsecure.
Jan-10-2017, 08:50 PM
I think it's because of the chat section on the bottom of the page. FF says that some content is not secure and display padlock with ! next to the address bar. If you hide the chat section and reload then it's OK. I see this only on the first page where the chat section is
Jan-10-2017, 09:04 PM
(Jan-10-2017, 08:50 PM)buran Wrote: [ -> ]I think it's because of the chat section on the bottom of the page. FF says that some content is not secure and display padlock with ! next to the address bar. If you hide the chat section and reload then it's OK. I see this only on the first page where the chat section isI think you are right. I globally set the chatbox to close, as it saves bandwidth anyways.
Jan-11-2017, 10:54 PM
it wasnt the chatbox, it was unsecure fonts being loaded via http instead of https form a plugin
I installed a new plugin (DVZ secure content) which restricts non secure content (non-https) for avatars, fonts, mycode images, remote avatars, mycode video, etc.
The errors were from a font used from a plugin
so i just manually switched it
But that might be a concern in the future if we install another plugin or theme, or something else that hard coded http into their code.
I installed a new plugin (DVZ secure content) which restricts non secure content (non-https) for avatars, fonts, mycode images, remote avatars, mycode video, etc.
The errors were from a font used from a plugin
Quote:Mixed Content: The page at 'https://python-forum.io/' was loaded over HTTPS, but requested an insecure stylesheet 'http://fonts.googleapis.com/css?family=Ubuntu:400,700'. This request has been blocked; the content must be served over HTTPS.
(index):1 Mixed Content: The page at 'https://python-forum.io/' was loaded over HTTPS, but requested an insecure stylesheet 'http://maxcdn.bootstrapcdn.com/font-awesome/4.2.0/css/font-awesome.min.css'. This request has been blocked; the content must be served over HTTPS.
(index):43 Mixed Content: The page at 'https://python-forum.io/' was loaded over HTTPS, but requested an insecure stylesheet 'http://fonts.googleapis.com/css?family=Ubuntu:400,700'. This request has been blocked; the content must be served over HTTPS.
(index):43 Mixed Content: The page at 'https://python-forum.io/' was loaded over HTTPS, but requested an insecure stylesheet 'http://maxcdn.bootstrapcdn.com/font-awesome/4.2.0/css/font-awesome.min.css'. This request has been blocked; the content must be served over HTTPS.
so i just manually switched it
$ sudo grep -ril http://maxcdn.bootstrapcdn.com/font-awesome/4.2.0/css/font-awesome.min.css [sudo] password for metulburr: cache/themes/theme1/guestwarn.min.css cache/themes/theme1/guestwarn.css inc/plugins/guestwarn.php $ sudo vim cache/themes/theme1/guestwarn.min.css $ sudo vim cache/themes/theme1/guestwarn.css $ sudo vim inc/plugins/guestwarn.php $ sudo grep -ril http://fonts.googleapis.com/css?family=Ubuntu:400,700 $ sudo grep -ril http://maxcdn.bootstrapcdn.com/font-awesome/4.2.0/css/font-awesome.min.css $ sudo grep -ril http://fonts.googleapis.com/css?family=Ubuntu:400,700 $After this my browsers now says the console is clean and no errors, no unsecure content, and fully secure, whereas before it just gave a warning saying it blocked the non secure content.
But that might be a concern in the future if we install another plugin or theme, or something else that hard coded http into their code.
Jan-20-2017, 08:10 PM
https://www.python-forum.net/ does not seem to work?
Jan-20-2017, 11:25 PM
(Jan-20-2017, 08:10 PM)Kebap Wrote: [ -> ]https://www.python-forum.net/ does not seem to work?Ummm....im not sure how to do that. I did switch .net to redirect to .io's https version instead, but though themselves are not https. That may take a bit to update.
.net domain is just redirected to .io domain.
Hasnt .io been the main one?
EDIT:
but there is no server side change as straight from the domain it is redirected to .io (at least not the method i did)