BibleForums Christian Message Board

General Category => Talk to the Moderators => Topic started by: Athanasius on May 27, 2021, 09:02:19 AM

Title: TLS
Post by: Athanasius on May 27, 2021, 09:02:19 AM
It would be great if TLS were enabled by default + HTTP redirecting to HTTPS for any and all requests. As it is, transmitting passwords unencrypted isn't great. :S
Title: Re: TLS
Post by: The Parson on May 27, 2021, 09:07:38 AM
Let me see what I can do.
Title: Re: TLS
Post by: The Parson on May 27, 2021, 10:19:22 AM
It is enabled by default.
Title: Re: TLS
Post by: Athanasius on May 27, 2021, 11:14:01 AM
Yeah, looks better now. Only two issues:

https://www.whynopadlock.com/results/82551f3b-976b-48c6-9ab9-3ab6b3f3a46a

"An image with an insecure url of "http://bibleforums.us/bibleforumslogo.png" was loaded on line: 214 of https://bibleforums.us/."

The Bible image in the header, in other words. It's also possible to access the site over HTTP:

Quote
curl -I http://bibleforums.us
HTTP/1.1 200 OK
Date: Thu, 27 May 2021 15:13:14 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1
X-Content-Type-Options: nosniff
Pragma: no-cache
Cache-Control: private
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Set-Cookie: PHPSESSID=3afd9f500879c0c576f2003fd6e74095; path=/
Upgrade: h2,h2c
Connection: Upgrade
Last-Modified: Thu, 27 May 2021 15:13:15 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
Content-Type: text/html; charset=UTF-8

Ideally, this would 301 to https://bibleforums.us.
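
A check for the two issues raised in this thread, as an added example that is not part of the original posts: it audits the headers of a response fetched over plain HTTP and lists the `http://` resources a page loads. The sample header blocks and HTML are constructed, modelled on the output quoted above, and the function names are hypothetical.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed samples modelled on the curl output and scanner message in the thread.
HEAD_PLAIN = ("HTTP/1.1 200 OK\nServer: Apache\n"
              "Set-Cookie: PHPSESSID=EXAMPLE; path=/\nContent-Type: text/html\n")
HEAD_REDIRECT = "HTTP/1.1 301 Moved Permanently\nLocation: https://bibleforums.us/\n"
PAGE = ('<a href="http://example.org/">link</a>'
        '<img src="http://bibleforums.us/bibleforumslogo.png"><script src="/a.js"></script>')

def audit_http_head(raw):
    """Return findings for the header block of a response fetched over http://."""
    lines = [l.strip() for l in raw.strip().splitlines()]
    status = int(lines[0].split()[1])
    headers = [tuple(p.strip() for p in l.split(":", 1)) for l in lines[1:] if ":" in l]
    findings = []
    location = next((v for k, v in headers if k.lower() == "location"), "")
    if status not in (301, 308):
        findings.append(f"status {status}: no permanent redirect")
    elif urlsplit(location).scheme != "https":
        findings.append(f"redirect target is not https: {location!r}")
    for k, v in headers:
        # Any cookie on this response travelled unencrypted.
        if k.lower() == "set-cookie":
            findings.append(f"cookie {v.split('=', 1)[0]} issued over plain HTTP")
    return findings

class MixedContent(HTMLParser):
    """Collects http:// URLs the page loads; plain <a href> links are ignored."""
    # link/href covers stylesheets; the rel attribute is not inspected.
    LOADING = {("img", "src"), ("script", "src"), ("iframe", "src"), ("link", "href"),
               ("audio", "src"), ("video", "src"), ("source", "src")}
    def __init__(self):
        super().__init__()
        self.hits = []
    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if (tag, name) in self.LOADING and (value or "").lower().startswith("http://"):
                self.hits.append((self.getpos()[0], value))  # (line number, URL)

def find_mixed_content(html):
    parser = MixedContent()
    parser.feed(html)
    return parser.hits

if __name__ == "__main__":
    print(audit_http_head(HEAD_PLAIN))
    print(audit_http_head(HEAD_REDIRECT))
    print(find_mixed_content(PAGE))
```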