WXforum.net

Administration => WXForum Bugs/Suggestions => Topic started by: nincehelser on November 08, 2018, 05:34:22 PM

Title: wxforum.net now showing "not secure" in chrome browser
Post by: nincehelser on November 08, 2018, 05:34:22 PM
Subject says it all.  It just started today.

Here's a screen shot:

 [ You are not allowed to view attachments ]
Title: Re: wxforum.net now showing "not secure" in chrome browser
Post by: mcrossley on November 08, 2018, 05:40:03 PM
try going to the https:// version of the web site. It doesn't look like the http redirect is working properly.
Title: Re: wxforum.net now showing "not secure" in chrome browser
Post by: nincehelser on November 08, 2018, 05:42:50 PM
try going to the https:// version of the web site. It doesn't look like the http redirect is working properly.

That looks OK until I log in.

Usually I don't type http or https.  I just type wxforum.net in the address bar.
Title: Re: wxforum.net now showing "not secure" in chrome browser
Post by: WeatherHost on November 08, 2018, 05:50:28 PM
Sorry, but I don't let G tell me what to do or how.  I let sites like this do as they wish.
Title: Re: wxforum.net now showing "not secure" in chrome browser
Post by: saratogaWX on November 08, 2018, 06:02:12 PM
The basic forum uses all HTTPS.  The problem of Avatars (remotely loaded) and Signature images (remotely loaded) or embedded images in posts (remotely loaded) via HTTP causes the 'Not Secure' to turn on due to the mixed https/http media loading.

Turn off (in your profile) the display Avatar and display Signatures, and most topics without imbedded images using http will display as "Secure".

It's not a bug.. it's the way HTTPS works -- mixed media will defeat the "Secure" page.

BTW.. this post remains 'Secure' when Avatar and Signatures are omitted.
Title: Re: wxforum.net now showing "not secure" in chrome browser
Post by: galfert on November 08, 2018, 09:20:29 PM
Perhaps in the avatar and signature section we could add a blurb about recommending HTTPS links rather than HTTP links. Would that fix it? Or does it still break security because an external HTTPS link doesn't match the main site URL certificate?
Title: Re: wxforum.net now showing "not secure" in chrome browser
Post by: nincehelser on November 08, 2018, 09:35:58 PM
I don't understand why this is suddenly a problem now.

It's now even telling me in red once in a while.

 [ You are not allowed to view attachments ]
Title: Re: wxforum.net now showing "not secure" in chrome browser
Post by: saratogaWX on November 08, 2018, 09:41:24 PM
Perhaps in the avatar and signature section we could add a blurb about recommending HTTPS links rather than HTTP links. Would that fix it? Or does it still break security because an external HTTPS link doesn't match the main site URL certificate?

Yes, having folks use https:// on all their Signature links (that result in images) would help.

No, the external HTTPS links don't have to match our cert -- the browser uses the external link site's cert for that https connection.
Title: Re: wxforum.net now showing "not secure" in chrome browser
Post by: saratogaWX on November 08, 2018, 09:42:20 PM
I don't understand why this is suddenly a problem now.

It's now even telling me in red once in a while.

 [ You are not allowed to view attachments ]
so what does it say if you click on the 'Not Secure'?  It should tell you what it is declaring not secure.
Title: Re: wxforum.net now showing "not secure" in chrome browser
Post by: nincehelser on November 08, 2018, 09:49:06 PM
I don't understand why this is suddenly a problem now.

It's now even telling me in red once in a while.

 [ You are not allowed to view attachments ]
so what does it say if you click on the 'Not Secure'?  It should tell you what it is declaring not secure.

This is what it says when it is in normal type:

 [ You are not allowed to view attachments ]


I'm not sure what's causing it to go "red" once in a while.  Wording looks similar...

 [ You are not allowed to view attachments ]

Title: Re: wxforum.net now showing "not secure" in chrome browser
Post by: saratogaWX on November 08, 2018, 09:53:55 PM
Try doing the Profile, modify, Look and Feel,
Don't show users Avatars
Don't show users Signatures

and see if that fixes the issue.
Title: Re: wxforum.net now showing "not secure" in chrome browser
Post by: nincehelser on November 08, 2018, 09:58:47 PM
Try doing the Profile, modify, Look and Feel,
Don't show users Avatars
Don't show users Signatures

and see if that fixes the issue.


Nope.  It's still showing "not secure".

I think it might be going red while I'm editing a message (like now).

Went into edit mode just now.  It didn't turn red until I started typing.

Title: Re: wxforum.net now showing "not secure" in chrome browser
Post by: Jasiu on November 08, 2018, 11:22:32 PM
I'm finding that if I use the http link I get the not-secure issues in multiple browsers, but if I explicitly "https://", everything is fine. Looks like the http->https redirect isn't happening by default.
Title: Re: wxforum.net now showing "not secure" in chrome browser
Post by: Bushman on November 08, 2018, 11:36:16 PM
I'm finding that if I use the http link I get the not-secure issues in multiple browsers, but if I explicitly "https://", everything is fine. Looks like the http->https redirect isn't happening by default.

+1 Same here.
Title: Re: wxforum.net now showing "not secure" in chrome browser
Post by: saratogaWX on November 09, 2018, 12:13:09 AM
I've not engaged a http->https redirect on the forum at this time.

Google has declared all http as 'Not Secure'.  Other browsers just show no padlock or an unlocked padlock for http access(es)
Title: Re: wxforum.net now showing "not secure" in chrome browser
Post by: WeatherHost on November 09, 2018, 01:32:58 AM
^^  Which is why I ignore G's hooplah and use other browsers.

People need to learn move away from G's paranoia.

Title: Re: wxforum.net now showing "not secure" in chrome browser
Post by: vreihen on November 09, 2018, 05:48:10 AM
I don't understand why this is suddenly a problem now.

The latest Chrome update came with pre-release warnings that they were going to bump the SSL strictness up a notch.  They also supposedly dropped all support for a big certificate authority.

I, for one, applaud Google for raising the bar.....
Title: Re: wxforum.net now showing "not secure" in chrome browser
Post by: WeatherHost on November 09, 2018, 06:03:37 AM
^^  I don't.  They're trying to take over the world and I despise them for it.

There is nothing here at the user level for the need of the 's'.  There is no personal information and no financial transactions.  If Admin wants security at the server level to thwart hacking, that's not for users to worry about.  And definitely not for G to annoy everyone over.

Stop using their spyware browser, and you'll have less trouble.  Yes, they track everything you do, even if they refuse to admit it.  Their entire reason for being is to gather and sell information.



Title: Re: wxforum.net now showing "not secure" in chrome browser
Post by: Jasiu on November 09, 2018, 09:38:22 AM
Firefox warns on this page that some content isn't secure, as Ken has noted.
Title: Re: wxforum.net now showing "not secure" in chrome browser
Post by: ValentineWeather on November 09, 2018, 10:31:13 AM
I normally use chrome but was looking at the latest Firefox you can now view passwords if you forget. Nice added feature I wasn't aware of.  [ You are not allowed to view attachments ]
Biggest issue I have with FF or would use as primary browser it won't remember the website size you may have adjusted too. It always resets to 100% after each visit.
Title: Re: wxforum.net now showing "not secure" in chrome browser
Post by: WeatherHost on November 09, 2018, 11:14:29 AM
you can now view passwords if you forget. Nice added feature I wasn't aware of.

SeaMonkey has done that since like forever.  And Mozilla Suite before it.

Same thing with a lot of features of 'new' browsers.  Just old hat for the king of browsers.  But they're suffering now because G is demanding changes that will ultimately cripple some of the best features.  G couldn't join them or beat them, so they are forcing changes to the game.

Title: Re: wxforum.net now showing "not secure" in chrome browser
Post by: soggyair on November 10, 2018, 04:42:53 PM
New kid on the block.

Logged in on the https:// version. Got Security Warning as shown in attachment. After doing 'continue' was sent to http:// version.
Title: Re: wxforum.net now showing "not secure" in chrome browser
Post by: ValentineWeather on November 10, 2018, 05:01:05 PM
New kid on the block.

Logged in on the https:// version. Got Security Warning as shown in attachment. After doing 'continue' was sent to http:// version.

Don't open attachment..First time poster. 
Title: Re: wxforum.net now showing "not secure" in chrome browser
Post by: vreihen on November 10, 2018, 07:15:33 PM
Don't open attachment..First time poster.

Would you care to cite the specific reason why the attachment should not be opened?

Welcome to the forum, @soggyair!  Oh, and kudos for using DuckDuckGo as your browser's default search engine.....

Title: Re: wxforum.net now showing "not secure" in chrome browser
Post by: ValentineWeather on November 10, 2018, 07:36:56 PM
Don't open attachment..First time poster.

Would you care to cite the specific reason why the attachment should not be opened?

Welcome to the forum, @soggyair!  Oh, and kudos for using DuckDuckGo as your browser's default search engine.....

 I don't trust attachments from first time posters. It may be safe but odd way to introduce yourself.
Title: Re: wxforum.net now showing "not secure" in chrome browser
Post by: saratogaWX on November 10, 2018, 07:43:22 PM
I just turned off the "Register via OpenID" option on the logon screen.. that will likely fix the issue with the mixed-content prompting the security warning shown in the PDF.

Yes, it's wise to be suspicious of a .pdf file (anytime).  Generally, screen captures in .jpg, .png, are 'safe' with no malware likely.
Title: Re: wxforum.net now showing "not secure" in chrome browser
Post by: soggyair on November 11, 2018, 11:04:29 AM

Welcome to the forum, @soggyair!  Oh, and kudos for using DuckDuckGo as your browser's default search engine.....

Thanks. You may also notice I do not use a main stream browser. But it is secure.

I just turned off the "Register via OpenID" option on the logon screen.. that will likely fix the issue with the mixed-content prompting the security warning shown in the PDF.

Yes, it's wise to be suspicious of a .pdf file (anytime).  Generally, screen captures in .jpg, .png, are 'safe' with no malware likely.

I tried different login options just now, right before this post. If I use the 3 login boxes at the top under the "did you miss....." i get the message I posted yesterday in the PDF. Did not use 'Register via OpenID'. If I login using the radio button, 4th from the left, after Home  Help  etc., a window pops up for the required info and I do not get the message. FWIW.

If it bothers folks I won't attach PDFs.