Problem with HTTPS of the forum

Mongibello · June 18, 2020, 9:27pm

Firefox reveals that the forum is only partially encrypted, it is a problem that has been around for some time.

I think it’s important to report this to you.

esmailelbob · June 12, 2020, 10:50pm

yup, mixed contents means site is fine but part of it not https like images for example — maybe i am wrong so correct me

hauntsanctuary · June 13, 2020, 4:01am

The point was if you link stuff (in this case an image fom an external site) an attacker could intercept and substitute the linked image. Its just that. The site itself is fine.

LOK_48SEAL · June 13, 2020, 10:47am

I only see one insecure (http) connection in the developer tools, and the server responded with a 301 (permanent redirect) to it’s encrypted version:

http://cdn-forum.privacytools.io/uploads/default/original/2X/8/85d44c7abe616fa958642f933cfc4c7affea9cdd.svg

https://cdn-forum.privacytools.io/uploads/default/original/2X/8/85d44c7abe616fa958642f933cfc4c7affea9cdd.svg

A_user · June 15, 2020, 11:09pm

forcing https from the start with https everyware fix this

Mongibello · June 16, 2020, 12:44pm

I use already HTTPS Everywhere.

A_user · June 16, 2020, 10:53pm

yes you need to enable hsts

Mongibello · June 18, 2020, 7:37pm

How can I enable HSTS?

jonah · June 18, 2020, 9:26pm

HSTS is enabled for privacytools.io (preloaded, with subdomains).

jonah · June 18, 2020, 9:27pm

Oops, sorry it took me a bit to get around to investigating this. It should be fixed now, thanks for reporting.