gVectors Team

Professional WordPress Plugins and Services. wpDiscuz, WooDiscuz, Advanced Post Pagination

AI Assistant
Forums
Plugin Support
wpDiscuz
General Discussion ...
HTTPS Filter
 
Notifications
Clear all

HTTPS Filter

  Summarize Topic
General Discussion and feedback
Last Post by Tom 9 years ago
4 Posts
2 Users
0 Reactions
2,845 Views
RSS
 Dennis
(@mcguffin)
Member Customer
Joined: 9 years ago
Posts: 38
Topic starter
Translate
English
Spanish
French
German
Italian
Portuguese
Russian
Chinese
Japanese
Korean
Arabic
Hindi
Dutch
Polish
Turkish
Vietnamese
Thai
Swedish
Danish
Finnish
Norwegian
Czech
Hungarian
Romanian
Greek
Hebrew
Indonesian
Malay
Ukrainian
Bulgarian
Croatian
Slovak
Slovenian
Serbian
Lithuanian
Latvian
Estonian
28/01/2017 10:32 pm   [#879]

Beginning in January 2017, Chrome (version 56 and later) will mark pages that collect passwords or credit card details as “Not Secure” unless the pages are served over HTTPS. Soon it will be every page.

What that means is if you allow users to add images with Quicktags or automatic image URL to image HTML conversion and they are not from sites that use HTTPS your visitors will get a warring message.

You should add a filter that only "embeds"images from sites that use HTTPS.

https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html



   
Quote
 Dennis
(@mcguffin)
Member Customer
Joined: 9 years ago
Posts: 38
Topic starter
Translate
English
Spanish
French
German
Italian
Portuguese
Russian
Chinese
Japanese
Korean
Arabic
Hindi
Dutch
Polish
Turkish
Vietnamese
Thai
Swedish
Danish
Finnish
Norwegian
Czech
Hungarian
Romanian
Greek
Hebrew
Indonesian
Malay
Ukrainian
Bulgarian
Croatian
Slovak
Slovenian
Serbian
Lithuanian
Latvian
Estonian
28/01/2017 10:43 pm  

I should add... Even if your site is secure, having an image or other content that is uploaded to the users browser via your site from an unsecured site will trigger a "mixed content warring".

Unless there is a HTTPS filter Quicktags should never be used.



   
ReplyQuote
 Dennis
(@mcguffin)
Member Customer
Joined: 9 years ago
Posts: 38
Topic starter
Translate
English
Spanish
French
German
Italian
Portuguese
Russian
Chinese
Japanese
Korean
Arabic
Hindi
Dutch
Polish
Turkish
Vietnamese
Thai
Swedish
Danish
Finnish
Norwegian
Czech
Hungarian
Romanian
Greek
Hebrew
Indonesian
Malay
Ukrainian
Bulgarian
Croatian
Slovak
Slovenian
Serbian
Lithuanian
Latvian
Estonian
28/01/2017 10:55 pm  

OK one more note.. These are not little warring messages. These are more like those warring messages that say the site may contain a virus.  Not may users know what HTTPS or SSL is so they will just assume the worse and exit your site quickly. So this is kind of a big deal.



   
ReplyQuote
 Tom
(@tomson)
Famed Member Admin
Joined: 11 years ago
Posts: 4245
Translate
English
Spanish
French
German
Italian
Portuguese
Russian
Chinese
Japanese
Korean
Arabic
Hindi
Dutch
Polish
Turkish
Vietnamese
Thai
Swedish
Danish
Finnish
Norwegian
Czech
Hungarian
Romanian
Greek
Hebrew
Indonesian
Malay
Ukrainian
Bulgarian
Croatian
Slovak
Slovenian
Serbian
Lithuanian
Latvian
Estonian
29/01/2017 1:09 pm  

Thank you Dennis, this is already in our to-do list. We'll update it soon.



   
ReplyQuote
Forum Jump:
  Previous Topic
Next Topic  
Share:
Scroll to top