Forum Index > Support & Feedback > Missing SSL certificate
 Reply to topic
Previous :: Next Topic
Author Message
neek
Member
Member


Joined: 12 Sep 2011
Posts: 2329 | TRs | Pics
Location: Seattle, WA
neek
Member
PostFri Oct 02, 2020 6:26 am 
You're right, it will soon be standard behavior (https://www.chromestatus.com/feature/4926989725073408). Most browsers have warned about this in the URL bar for years. There is potential server cost for encrypting traffic, since it's computationally intensive. nwhikers serves a lot of images. But making it optional at first (i.e. not redirecting everything to https) would ease the transition. Although I understand the appeal, your html cut and paste method is problematic for several reasons. Unfortunately you're not going to find anything that publishes to nwhiker's custom bbcode, and I know nothing about weebly, so can't think of an alternative that wouldn't involve some custom code or manual work. I'll keep thinking about it though since I'd like to do something similar (have my own site) some day.

Back to top Reply to topic Reply with quote Send private message
reststep
Member
Member


Joined: 17 Dec 2001
Posts: 4757 | TRs | Pics
reststep
Member
PostFri Oct 02, 2020 7:55 am 
Windows 7

"The mountains are calling and I must go." - John Muir
Back to top Reply to topic Reply with quote Send private message
Josh Journey
a.k.a Josh Lewis



Joined: 01 Nov 2007
Posts: 4830 | TRs | Pics
Josh Journey
a.k.a Josh Lewis
PostFri Oct 02, 2020 9:12 am 
neek wrote:
There is potential server cost for encrypting traffic, since it's computationally intensive.
Quote:
But for some reason, there’s a pervasive myth that SSL is slow. That installing an SSL certificate on your site will introduce too much overhead and slow things down. That might’ve been the case more than a decade ago
- Source When coupled with HTTP/2 sites load faster than ones without https + HTTP/2.
neek wrote:
But making it optional at first (i.e. not redirecting everything to https) would ease the transition.
In theory, yes. However Chrome forces non secure images to load from https which can be seen in the console errors; hence guarantee breaking all images. Without TSL/SSL there doesn't seem to be a work around.
neek wrote:
Although I understand the appeal, your html cut and paste method is problematic for several reasons.
Although using a DOM inspector to extract trip reports could work, highlighting + copying reports straight into the editor is by far the easiest way to replicate TRs. TinyMCE also supports this. Display wise it not only plays well for the end user but also promotes NWHikers via a new tab in lightbox for each image. To this day NWHikers has a superior image insert button compared to most sites in terms of image insertion.

Back to top Reply to topic Reply with quote Send private message
neek
Member
Member


Joined: 12 Sep 2011
Posts: 2329 | TRs | Pics
Location: Seattle, WA
neek
Member
PostFri Oct 02, 2020 9:49 am 
Josh Lewis wrote:
When coupled with HTTP/2 sites load faster than ones without https + HTTP/2.
To be clear, I'm talking about $$ for the site operator, not user experience. It depends on the hosting provider. Some simply charge more for encrypted traffic.
Josh Lewis wrote:
To this day NWHikers has a superior image insert button compared to most sites in terms of image insertion.
Isn't that funny? But many people agree. Sometimes simpler is better.

Back to top Reply to topic Reply with quote Send private message
Josh Journey
a.k.a Josh Lewis



Joined: 01 Nov 2007
Posts: 4830 | TRs | Pics
Josh Journey
a.k.a Josh Lewis
PostFri Oct 02, 2020 10:45 am 
neek wrote:
To be clear, I'm talking about $$ for the site operator, not user experience. It depends on the hosting provider. Some simply charge more for encrypted traffic.
Ah, I see.
neek wrote:
sn't that funny? But many people agree. Sometimes simpler is better.
For some reason developers have this mysterious belief that adding a bunch of steps somehow makes the editing experience better. This is why I've avoided Gutenberg for WordPress 5. I love having many options; but when it's enforced to a point of difficulty it no longer creates a nice experience even to a seasoned user.

Back to top Reply to topic Reply with quote Send private message
Matt Lemke
High on the Outdoors



Joined: 15 Jul 2010
Posts: 2052 | TRs | Pics
Location: Grand Junction
Matt Lemke
High on the Outdoors
PostSat Oct 03, 2020 9:05 am 
What are your thoughts Tom? I can send some screenshots if you'd like... looks like this is mainly a issue for just browsers on windows 10 devices for now, but that's a huge percentage of users, and it'll likely get worse. Thanks

The Pacific coast to the Great Plains = my playground!!! SummitPost Profile See my website at: http://www.lemkeclimbs.com
Back to top Reply to topic Reply with quote Send private message
Tom
Admin



Joined: 15 Dec 2001
Posts: 17835 | TRs | Pics
Tom
Admin
PostSat Oct 03, 2020 1:13 pm 
I could fairly easily implement SSL for the site hosting the thunbnails. Would that solve your issue?

Back to top Reply to topic Reply with quote Send private message
Matt Lemke
High on the Outdoors



Joined: 15 Jul 2010
Posts: 2052 | TRs | Pics
Location: Grand Junction
Matt Lemke
High on the Outdoors
PostSat Oct 03, 2020 2:35 pm 
Tom, that should work... thank you!

The Pacific coast to the Great Plains = my playground!!! SummitPost Profile See my website at: http://www.lemkeclimbs.com
Back to top Reply to topic Reply with quote Send private message
Matt Lemke
High on the Outdoors



Joined: 15 Jul 2010
Posts: 2052 | TRs | Pics
Location: Grand Junction
Matt Lemke
High on the Outdoors
PostTue Oct 06, 2020 10:30 am 
Let me know if you need any help with it Tom, or when you get it done. Thanks!

The Pacific coast to the Great Plains = my playground!!! SummitPost Profile See my website at: http://www.lemkeclimbs.com
Back to top Reply to topic Reply with quote Send private message
downwardbound
Member
Member


Joined: 26 Oct 2020
Posts: 1 | TRs | Pics
Location: new hampshire
downwardbound
Member
PostMon Oct 26, 2020 12:27 pm 
It's important to remember that new registrations are being added to the site all the time. The information people are sharing is not protected. http requests are NOT encrypted during the sign up process. Hopefully no one is using the actual password from their email acct when they sign up here! Without a digital certificate form data is vulnerable. That should be addressed immediately. Certs are cheap. Not sure who's in charge but it appears as if this has been an ongoing issue for quite some time. Peter

Back to top Reply to topic Reply with quote Send private message
Joey
verrry senior member



Joined: 05 Jun 2005
Posts: 2794 | TRs | Pics
Location: Redmond
Joey
verrry senior member
PostTue Oct 27, 2020 4:03 pm 
+1 for Let's Encrypt I use those certs on my domains. The auto renewal works fine.

Back to top Reply to topic Reply with quote Send private message
zimmertr
TJ Zimmerman



Joined: 24 Jun 2018
Posts: 1215 | TRs | Pics
Location: Issaquah
zimmertr
TJ Zimmerman
PostTue Nov 17, 2020 10:54 am 
Back to top Reply to topic Reply with quote Send private message
zimmertr
TJ Zimmerman



Joined: 24 Jun 2018
Posts: 1215 | TRs | Pics
Location: Issaquah
zimmertr
TJ Zimmerman
PostTue Mar 23, 2021 10:24 am 
https://blog.chromium.org/2021/03/a-safer-default-for-navigation-https.html Chrome's address bar will begin defaulting to use TLS in v90

Back to top Reply to topic Reply with quote Send private message
Tom
Admin



Joined: 15 Dec 2001
Posts: 17835 | TRs | Pics
Tom
Admin
PostTue Mar 23, 2021 1:59 pm 
Doesn't sound like it will impact on sites without SSL, other than a redirect back to http, or did I misread? I asked mcaver a few months ago if he could research upgrading us to https but he was swamped with other things, so I don't see it happening in the near future.

Back to top Reply to topic Reply with quote Send private message
MCaver
Founder



Joined: 14 Dec 2001
Posts: 5124 | TRs | Pics
MCaver
Founder
PostTue Jul 19, 2022 8:26 am 
HTTPS version of the site is now online. Sorry for the delay.

Brian Curtis, Josh Journey, Snuffy
Back to top Reply to topic Reply with quote Send private message
   All times are GMT - 8 Hours
 Reply to topic
Forum Index > Support & Feedback > Missing SSL certificate
  Happy Birthday speyguy, Bandanabraids!
Jump to:   
Search this topic:

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum