2013-11-14, 12:10 PM
Hi
I got a SSL certificate and configured the web server to use it. The forum is now available with and without SSL:
http://oedp-forum.de/bb/index.php
https://oedp-forum.de/bb/index.php
But there is one problem: the HTTPS version does use some resources linked to as HTTP, some as HTTPS. This is a problem since
1. although using encryption, unencrypted content will be loaded (renders encryption partially useless)
2. some links lead to unencrypted sites (renders encryption completely useless if user doesn't edit URLs manually)
3. Some browsers are paranoid enough to detect this problem, warn the (possibly ignorant) user and block all non-HTTPS content (renders the site unusable)
In Admin-CP I found a preference to set the forum base url ( Configuration -> Settings -> General Configuration -> board URL ), currently set to http://oedp-forum.de/bb , which is ok. I can't change it to https://oedp-forum.de/bb (which might fix the problem) since I want the users to choose whether or not they want SSL.
There is a note ("The url to your forums. Include the http://. Do NOT include a trailing slash.") for the board URL so I don't think I should change the URL to oedp-forum.de/bb . But why do I need to specify this URL? Is there a way to prevent MyBB from sending mixed content?
I got a SSL certificate and configured the web server to use it. The forum is now available with and without SSL:
http://oedp-forum.de/bb/index.php
https://oedp-forum.de/bb/index.php
But there is one problem: the HTTPS version does use some resources linked to as HTTP, some as HTTPS. This is a problem since
1. although using encryption, unencrypted content will be loaded (renders encryption partially useless)
2. some links lead to unencrypted sites (renders encryption completely useless if user doesn't edit URLs manually)
3. Some browsers are paranoid enough to detect this problem, warn the (possibly ignorant) user and block all non-HTTPS content (renders the site unusable)
In Admin-CP I found a preference to set the forum base url ( Configuration -> Settings -> General Configuration -> board URL ), currently set to http://oedp-forum.de/bb , which is ok. I can't change it to https://oedp-forum.de/bb (which might fix the problem) since I want the users to choose whether or not they want SSL.
There is a note ("The url to your forums. Include the http://. Do NOT include a trailing slash.") for the board URL so I don't think I should change the URL to oedp-forum.de/bb . But why do I need to specify this URL? Is there a way to prevent MyBB from sending mixed content?