MyBB Community Forums

Full Version: Insecure content blocked [FIX]
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Hi, I'm having problem of it for while until I decided to try to expirement. It takes me about 3 hours to figure it out with the help with this thread Because whatever I tried doesn't work 'till I realized I edited the wrong file  Big Grin Big Grin Here how I did it.

1. Login to your Filemanager in your host.
2. Find .htaccess not .htaccess.text or htaccess-nginx.txt
3. Add the code. Make sure to backup the original codes incase.

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
Header always set Content-Security-Policy "upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval'"
Header always set X-Content-Type-Options "nosniff"
Header always set X-Frame-Options "deny"
Header always set X-XSS-Protection "1; mode=block"

4. Save it and ta da!

Screenshots attached.

What is the difference in your before/after images? I suppose you added them as proof your forum still works after your edits?
updated, i forgot to highlight the changes.
The reason why it happened on https is because your images or videos were http based.
The better solution is to search and replace http to https in your templates and theme css.

The header( default-src https: ) that changes all your http to https has the drawback is that suppose any user adds http avatar or an http image than that content will not be visible and it will show broken image.
Better solution is to host the user images and serve them via proxy so that they are always https.