d2jsp
Log InRegister
d2jsp Forums > d2jsp > Site Suggestions > Site Suggestions Archive >
Poll > Enforce Https? > On D2jsp
Closed New Topic New Poll
  Guests cannot view or vote in polls. Please register or login.
Member
Posts: 42
Joined: Dec 19 2015
Gold: 733.00
Aug 19 2017 04:21am
Hello,

I noticed the forum does not automatically enforce an SSL connection. Enabling a browser plugin to enforce https gives some advantages but IMO more downsides.
Now when i wanted to buy a signature, typing in my FG password to transfer the FG to someone i noticed no https connection just when i was about to hit the send button.

I'm quite aware this is the responsibility of the user, but preventing these issues would take some tech support / scams out of the Admins hands.

I hope someone can shine a light on this matter as i'm quite sure i'm not the first one bringing this up.

Some points to discuss:
  • Mixed content http/https (renders the green lock red or orange)
  • Performance (http/2, compression, cloudflare)
  • What more?


Kind regards

Edit:

Old topic got closed for whatever reason, got permission to repost. Old topic: https://forums.d2jsp.org/topic.php?t=77075711&f=258

This post was edited by techandme on Aug 19 2017 04:31am
Retired Moderator
Posts: 25,297
Joined: Aug 23 2006
Gold: 8,273.60
Trader: Trusted
Aug 19 2017 04:30am
Yes, please.

This post was edited by MrBommel on Aug 19 2017 04:40am
Member
Posts: 42
Joined: Dec 19 2015
Gold: 733.00
Aug 19 2017 04:56am
  • Problem with the mixed content is that some users wear signatures with http images. Its possible to rewrite those urls to https. Problem then is that some hosters do not support https but, the majority does.
    The connection is and stays encrypted but just not the images shown. This results in the green lock in the address bar to show orange or red, browser dependant.

    I've had this problem on some of my websites and it should be easy to fix. But we do have to test how this would translate to d2jsp.
  • Performance wont be an issue when using the right protocols http/2, there are mucho grande tools to debug where the bottlenecks are and how to solve them.

    edit: ran gtmetrix
    https://gtmetrix.com/reports/forums.d2jsp.org/6HVGIKt8 HTTPS Fully Loaded Time 408ms
    https://gtmetrix.com/reports/forums.d2jsp.org/QmLBeHRi HTTP Fully Loaded Time 262ms

  • Cloudflare see for yourself: https://www.cloudflare.com/
    I've enabled it on every website I have.


This post was edited by techandme on Aug 19 2017 05:02am
Member
Posts: 16,621
Joined: Jan 7 2017
Gold: 90.58
Aug 19 2017 06:28am
yes why not
Go Back To Site Suggestions Archive Topic List
Closed New Topic New Poll