Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Insecure content blocked [FIX]
#1
Thumbs Up 
This user has been denied support. This user has been denied support.
Hi, I'm having problem of it for while until I decided to try to expirement. It takes me about 3 hours to figure it out with the help with this thread https://community.mybb.com/thread-210349.html. Because whatever I tried doesn't work 'till I realized I edited the wrong file  Big Grin Big Grin Here how I did it.

1. Login to your Filemanager in your host.
2. Find .htaccess not .htaccess.text or htaccess-nginx.txt
3. Add the code. Make sure to backup the original codes incase.

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
Header always set Content-Security-Policy "upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval'"
Header always set X-Content-Type-Options "nosniff"
Header always set X-Frame-Options "deny"
Header always set X-XSS-Protection "1; mode=block"

4. Save it and ta da!

Screenshots attached.

br,
GSMKing

https://gsmunited.com.ph/


Attached Files Thumbnail(s)
           
Reply
#2
What is the difference in your before/after images? I suppose you added them as proof your forum still works after your edits?
Reply
#3
This user has been denied support. This user has been denied support.
updated, i forgot to highlight the changes.
Reply
#4
The reason why it happened on https is because your images or videos were http based.
The better solution is to search and replace http to https in your templates and theme css.

The header( default-src https: ) that changes all your http to https has the drawback is that suppose any user adds http avatar or an http image than that content will not be visible and it will show broken image.
Better solution is to host the user images and serve them via proxy so that they are always https.
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)