Announcement

Collapse
No announcement yet.

Site says not secure.

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • MrsTiggywinkle
    replied
    Originally posted by Mark.B View Post

    I'm not seeing any issue on your site, can you replicate the problem yourself using a test account and requesting a new password?
    I tested it Mark.B without any problems. Will just have to wait until it happens again and try to find out what browser they use or what steps they did at the time.

    Leave a comment:


  • montana rover
    replied
    Thank you Mark for pointing me in the right direction. He's was my issue.

    I had added a "Static Module" and within it I added 3 external links and their banners in the module HTML box to show this below. It's a screen shot so clicking on it won't work.

    Click image for larger version

Name:	secure3.jpg
Views:	185
Size:	37.1 KB
ID:	4401677


    When I opened up the module and looked at the HTML code, 4 out of 6 URL didn't have the "S" after the "P" http:// to be https://. See photo below.

    Click image for larger version

Name:	secure1.jpg
Views:	71
Size:	116.6 KB
ID:	4401678


    After making the corrections, I now have a secure site!!!! Members are HAPPY once again.

    Click image for larger version

Name:	secure2.jpg
Views:	66
Size:	5.2 KB
ID:	4401679

    Hope this helps others.

    Leave a comment:


  • Mark.B
    replied
    Originally posted by MrsTiggywinkle View Post

    Thanks Glenn I will add that but not sure it would fix the email problem as the links are definitely https.
    Mixed content won't affect links in an email, unless there's an insecure image embedded in the page linked to, which is unlikely.

    Leave a comment:


  • MrsTiggywinkle
    replied
    Originally posted by Glenn Vergara View Post
    It's inevitable for forums with user-generated content that someone would embed an external image pointing to an http address. In that case, you would get mixed content error causing no padlock icon in the address bar. To avoid that, add this in the head.

    HTML Code:
    <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content" />
    To add it on self-hosted version, you simply paste the code in head_include template.

    For vBCloud, you can re-purpose the Search Engine Tools > Google Ownership Verification HTML tag in AdminCP and add the meta tag there. Be sure to enable the Enable Google Ownership Verification if it's not enabled yet.
    Thanks Glenn I will add that but not sure it would fix the email problem as the links are definitely https.

    Leave a comment:


  • MrsTiggywinkle
    replied
    Originally posted by Mark.B View Post

    I'm not seeing any issue on your site, can you replicate the problem yourself using a test account and requesting a new password?
    I will try Mark and see what happens. (Might have to be tomorrow, half term here and grandparent duties for 4 hyper grandchildren )

    I have asked members what browser they use but no reply yet, I heard the latest Firefox might be showing Https sites as not secure but can't find any firm reports.

    Leave a comment:


  • Carrfixr
    replied
    Thanks Glenn

    Leave a comment:


  • Glenn Vergara
    replied
    It's inevitable for forums with user-generated content that someone would embed an external image pointing to an http address. In that case, you would get mixed content error causing no padlock icon in the address bar. To avoid that, add this in the head.

    HTML Code:
    <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content" />
    To add it on self-hosted version, you simply paste the code in head_include template.

    For vBCloud, you can re-purpose the Search Engine Tools > Google Ownership Verification HTML tag in AdminCP and add the meta tag there. Be sure to enable the Enable Google Ownership Verification if it's not enabled yet.

    Leave a comment:


  • Mark.B
    replied
    Originally posted by MrsTiggywinkle View Post
    We are getting similar member reports, if they click on any email links such as forgotten password or activation links, they get a site not secure warning.
    I'm not seeing any issue on your site, can you replicate the problem yourself using a test account and requesting a new password?

    Leave a comment:


  • Mark.B
    replied
    Originally posted by montana rover View Post
    Some members are asking me about this. In the URL address, it's saying not secure. What can I do to correct this?

    Click image for larger version

Name:	secure.jpg
Views:	147
Size:	13.9 KB
ID:	4401600
    Ok for this site, on your home page you have an embedded image loaded over http rather than https, which is giving a mixed content warning:

    http://www.rvresources.com/images/rvresourceslogo.gif

    You'll need to load that over https instead, that will fix your problem.

    Leave a comment:


  • Mark.B
    replied
    I've asked about this....

    Leave a comment:


  • montana rover
    replied
    Thanks for replying, but what can we do about it. Some members go crazy...

    Leave a comment:


  • MrsTiggywinkle
    replied
    We are getting similar member reports, if they click on any email links such as forgotten password or activation links, they get a site not secure warning.

    Leave a comment:


  • montana rover
    started a topic Site says not secure.

    Site says not secure.

    Some members are asking me about this. In the URL address, it's saying not secure. What can I do to correct this?

    Click image for larger version

Name:	secure.jpg
Views:	147
Size:	13.9 KB
ID:	4401600
widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
Working...
X