Log in to ZYGOR
Log in with social media
OR
Log in with Zygor account
Forgot your password?

Announcement

Collapse
No announcement yet.

Broken SSL on forum pages

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
    #1

    Broken SSL on forum pages

    Hello there, on the forums there are plenty of areas where SSL is broken (such as showthread pages & forumdisplay (not forum home page but rather where the threadlists are). Here's a breakdown of why that is.

    https://www.whynopadlock.com/results...0-cc229153c23c

    Just browse on down to Mixed Content - Errors

    A quick fix is to insert this into vbulletin's headinclude template for your style.

    Code:
    <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
    Originally posted by https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/upgrade-insecure-requests
    The HTTP Content-Security-Policy (CSP) upgrade-insecure-requests directive instructs user agents to treat all of a site's insecure URLs (those served over HTTP) as though they have been replaced with secure URLs (those served over HTTPS). This directive is intended for web sites with large numbers of insecure legacy URLs that need to be rewritten.

    The upgrade-insecure-requests directive will not ensure that users visiting your site via links on third-party sites will be upgraded to HTTPS for the top-level navigation and thus does not replace the Strict-Transport-Security (HSTS) header, which should still be set with an appropriate max-age to ensure that users are not subject to SSL stripping attacks.
    Last edited by vgchat; July 10, 2019, 07:17 PM.
    Tags: None
    #2
    The forums are very old and we are planning to give them a major overhaul which should also address this.
    Become a Fan of Zygor Guides on Facebook:
    http://www.facebook.com/pages/Zygor-...04933799556988

    Follow Zygor Guides on Twitter:
    http://twitter.com/zygorguides

    Comment

      #3
      Originally posted by ZG Support 1 View Post
      The forums are very old and we are planning to give them a major overhaul which should also address this.
      vbulletin 5 is finally mature and should be an easy upgrade https://www.vbulletin.com/en/upgrade/

      (Current Version 5.4.2)

      https://forum.vbulletin.com/forum/vb...-now-available

      Comment

      Previous template Next
      Working...
      X