Notifications
Clear all

HTTPS Filter

4 Posts
2 Users
0 Likes
2,205 Views
(@mcguffin)
Member Customer
Joined: 7 years ago
Posts: 38
Topic starter  

Beginning in January 2017, Chrome (version 56 and later) will mark pages that collect passwords or credit card details as “Not Secure” unless the pages are served over HTTPS. Soon it will be every page.

What that means is if you allow users to add images with Quicktags or automatic image URL to image HTML conversion and they are not from sites that use HTTPS your visitors will get a warring message.

You should add a filter that only "embeds"images from sites that use HTTPS.

https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html


   
Quote
(@mcguffin)
Member Customer
Joined: 7 years ago
Posts: 38
Topic starter  

I should add... Even if your site is secure, having an image or other content that is uploaded to the users browser via your site from an unsecured site will trigger a "mixed content warring".

Unless there is a HTTPS filter Quicktags should never be used.


   
ReplyQuote
(@mcguffin)
Member Customer
Joined: 7 years ago
Posts: 38
Topic starter  

OK one more note.. These are not little warring messages. These are more like those warring messages that say the site may contain a virus.  Not may users know what HTTPS or SSL is so they will just assume the worse and exit your site quickly. So this is kind of a big deal.


   
ReplyQuote
 Tom
(@tomson)
Famed Member Admin
Joined: 9 years ago
Posts: 4168
 

Thank you Dennis, this is already in our to-do list. We'll update it soon.


   
ReplyQuote
Share:
Scroll to top