EFC has switched to https (fully secure connection)
Feb 22, 2020 14:38:31 GMT
Harry Lillis "Bing" Crosby Jr and Gone like this
Post by Saltin on Feb 22, 2020 14:38:31 GMT
Finally! PB has switched to a secure connection so our forum address is now https instead of http. Here is a partial post from Patrick Clinger the ProBoards Admin:
As many of you are aware, there has been a push to move all websites to HTTPS to increase security for all websites online. We have been preparing for this transition for over a year now, and are ready to move forward. There are a couple things you should be made aware of, so please read on.
Redirecting to HTTPS
When this change goes live, we will automatically redirect forums from http to https.
Mixing HTTPS & HTTP Content
In order for your web browser to identify a website as "secure" at the top, everything that loads from that website must be loaded securely over https. When visiting a secure webpage, if that webpage loads an image or other content from a webpage that is http (not https), this is not considered secure. Therefore, browsers may display a warning message such as this one from Chrome:
Across ProBoards, users have posted literally millions of pictures, many of which load from insecure websites. These pictures might be in posts, avatars, or even forum logos. When you load your forum, we want the browser to say that it is fully secure. How can we do that when users have included images from insecure websites in their posts?
Forcing all Content to HTTPS
Thankfully, there is a simple solution which modern browsers support. Websites have a special way to tell browsers that all content should load over https, even if the webpage has images or other content that are http. This results in a secure connection for all content.
But, there is a catch.
When you load a secure webpage, and the browser is told to load all content securely, what happens to hotlinked content on websites that don't allow https? The content will fail to load. This browser feature exists to ensure webpage content stays 100% secure.
Example scenario:
Your forum is european-war-4.boards.net
You hotlink an image from example.com/logo.jpg
Let's pretend that example.com does not allow https connections
The image will fail to load
What about content hosted by ProBoards (uploaded avatars, theme CSS, plugin JavaScript, etc)?
Content that loads from ProBoards servers will work without issue.
As many of you are aware, there has been a push to move all websites to HTTPS to increase security for all websites online. We have been preparing for this transition for over a year now, and are ready to move forward. There are a couple things you should be made aware of, so please read on.
Redirecting to HTTPS
When this change goes live, we will automatically redirect forums from http to https.
Mixing HTTPS & HTTP Content
In order for your web browser to identify a website as "secure" at the top, everything that loads from that website must be loaded securely over https. When visiting a secure webpage, if that webpage loads an image or other content from a webpage that is http (not https), this is not considered secure. Therefore, browsers may display a warning message such as this one from Chrome:
Across ProBoards, users have posted literally millions of pictures, many of which load from insecure websites. These pictures might be in posts, avatars, or even forum logos. When you load your forum, we want the browser to say that it is fully secure. How can we do that when users have included images from insecure websites in their posts?
Forcing all Content to HTTPS
Thankfully, there is a simple solution which modern browsers support. Websites have a special way to tell browsers that all content should load over https, even if the webpage has images or other content that are http. This results in a secure connection for all content.
But, there is a catch.
When you load a secure webpage, and the browser is told to load all content securely, what happens to hotlinked content on websites that don't allow https? The content will fail to load. This browser feature exists to ensure webpage content stays 100% secure.
Example scenario:
Your forum is european-war-4.boards.net
You hotlink an image from example.com/logo.jpg
Let's pretend that example.com does not allow https connections
The image will fail to load
What about content hosted by ProBoards (uploaded avatars, theme CSS, plugin JavaScript, etc)?
Content that loads from ProBoards servers will work without issue.
