Page 1 of 2

"Connection not secure" on the homepage

Posted: Tue Apr 06, 2021 6:56 am
by teo123
Apparently, some images or scripts on the homepage are transmitted unencrypted, and the browsers complain about that. Now, I do not think it is a serious issue, as the log-in page is secure, but it can frighten people.

Re: "Connection not secure" on the homepage

Posted: Thu Apr 08, 2021 10:34 pm
by brimstoneSalad
Can you find what image it is? I have not received this notification.

Re: "Connection not secure" on the homepage

Posted: Wed Apr 14, 2021 8:40 am
by teo123
brimstoneSalad wrote: Thu Apr 08, 2021 10:34 pm Can you find what image it is? I have not received this notification.
If I open the developer tools in Firefox, apparently those are

Code: Select all

{"GET":{"scheme":"http","host":"philosophicalvegan.com","filename":"/images/patreonsupport3.jpg","remote":{"Address":"0.0.0.0:80"}}}
and a few others.

Re: "Connection not secure" on the homepage

Posted: Wed Apr 14, 2021 8:45 am
by teo123
See the line 391 on the homepage, when you are not logged in:

Code: Select all

<a href="https://www.patreon.com/philosophicalvegan" alt="Please support us on Patreon" rel="nofollow" target="_blank"><img src="http://philosophicalvegan.com/images/patreonsupport3.jpg"></a>
The "href" is "https", but "src" is "http".

Re: "Connection not secure" on the homepage

Posted: Mon Apr 19, 2021 12:19 pm
by brimstoneSalad
All of the links in the code are https




Re: "Connection not secure" on the homepage

Posted: Mon Apr 19, 2021 12:20 pm
by brimstoneSalad
Oddly they're being changed to http for some reason

Re: "Connection not secure" on the homepage

Posted: Mon Apr 19, 2021 12:36 pm
by brimstoneSalad
When I inspect it, it says http, but the current source is listed as https.
May be an .htaccess issue on your end?

I changed the code to be a relative URL. Might not work here anymore, but it's showing https on the home page now. What's it show for you?


Re: "Connection not secure" on the homepage

Posted: Tue Apr 20, 2021 8:38 am
by teo123
brimstoneSalad wrote: Mon Apr 19, 2021 12:36 pm When I inspect it, it says http, but the current source is listed as https.
May be an .htaccess issue on your end?

I changed the code to be a relative URL. Might not work here anymore, but it's showing https on the home page now. What's it show for you?

It still claims the connection is not secure, and, if I open the developer tools, it shows this:
Image
What do you mean a htaccess issue at my end? As far as I understand it, the end-user should not be able to access htaccess at all, yet alone modify it. As far as I know, htaccess is a peculiarity of Apache servers, and most modernized servers do not even have it, but have better solutions.

Re: "Connection not secure" on the homepage

Posted: Sat Apr 24, 2021 12:03 am
by brimstoneSalad
@teo123 So it's not just that one, it's all of the images?
teo123 wrote: Tue Apr 20, 2021 8:38 am What do you mean a htaccess issue at my end?
No idea. That's the only thing I can see that would cause it, but somehow it's not behaving for you. Maybe something to do with a CDN in your region, or your computer caching non-secure versions... I don't know.
This is puzzling.

Re: "Connection not secure" on the homepage

Posted: Tue Apr 27, 2021 11:49 am
by teo123
brimstoneSalad wrote: Sat Apr 24, 2021 12:03 am @teo123 So it's not just that one, it's all of the images?
teo123 wrote: Tue Apr 20, 2021 8:38 am What do you mean a htaccess issue at my end?
No idea. That's the only thing I can see that would cause it, but somehow it's not behaving for you. Maybe something to do with a CDN in your region, or your computer caching non-secure versions... I don't know.
This is puzzling.
Which browser are you using? I have noticed Gecko-based browsers (Firefox, TOR Browser...) claim my Etymology Game is insecure (rightly so, I do not think it is important to make it secure), while Chromium-based browsers (Chrome, Brave browser, Opera 15+...) claim it is secure. Chromium-based browsers apparently (I don't know the exact rules) do not check whether images and scripts are from a secure source, and claim a page is secure whenever HTML is served over HTTPS. Which is wrong.