It's awesome that NoCAPTACH has been implemented into the latest build of MyBB but my forum uses SSL encryption and it doesn't seem to work
How can I fix?
You glorious human being, thank you!
i work it out by using relative url, removing all the http:
$this->server = "//www.google.com/recaptcha/api"
One thing i don't understand, isn't this supposed to be automatic when i force SSL using CF flexible SSL as i have both server and secure_server in the class_captcha.php
$this->server = "http://www.google.com/recaptcha/api";
$this->secure_server = "https://www.google.com/recaptcha/api";
Is it because host does not have SSL cert causing it not able to automatic switch to use secure_server google link as above?
(2015-03-04, 11:58 PM)xiaoming Wrote: [ -> ]One thing i don't understand, isn't this supposed to be automatic when i force SSL using CF flexible SSL as i have both server and secure_server in the class_captcha.php
$this->server = "http://www.google.com/recaptcha/api";
$this->secure_server = "https://www.google.com/recaptcha/api";
Is it because host does not have SSL cert causing it not able to automatic switch to use secure_server google link as above?
By default, the connection between CloudFlare and your server is not encrypted (
Flexible or
Off), so your server (and MyBB) receives requests over the standard HTTP protocol.
You can enable that encryption by setting the SSL mode in the CloudFlare panel to
Full or
Strict, in which case your server would have to be able to respond to requests over HTTPS (some shared hosts allow that, but the certificates are self-signed, which means a certificate warning would be displayed to a user trying to connect through
https:// directly to the server [not over CloudFlare]). While self-signed certificates will do just fine for
Full mode (the certificate can be self-signed, as it is an internal one, used between CF and your server only), the
Strict mode additionally requires that certificate to be signed by a certificate authority (which improves security by assuring that the second connection [CF ⇄ your server] hasn't been tampered with and no one could have seen its contents).