@capbros yes! With http the browser connects to the server on port 80 and with https it connects on the port 443. Connecting on port 443 adds a transport security layer
As I can see, the certificat is now up to date. But with a quick view I found two todo's:
1. With https the previews of all art's are broken:
Currently the login credentials are sent with http and the user never sees https, if he starts with http. In addition to this if he manually goes to https and is logged in at http, he will not be logged in at https.
Yes, it is true! The complete loginprocess is handled via http, and afterwards no secure connection is used, ever! Therfore you see no warning, because no SSL-Cert is ever loaded to secure the connection... Just look at the current url you are on!
Nice work, our lovely platform is now more secure! :)
Keep on being awesome ^^
hey, thank you for your creation. For my project I added more layers.
Yes, there is an easy solution.
Just change the login form.
From:
<form action="/node?destination=node" method="post" id="user-login-form" accept-charset="UTF-8" class="compact-form">
To:
<form action="https://opengameart.org/node?destination=node" method="post" id="user-login-form" accept-charset="UTF-8" class="compact-form">
But before changing this line, all other bugs should be fixed^^
@capbros yes! With http the browser connects to the server on port 80 and with https it connects on the port 443. Connecting on port 443 adds a transport security layer
As I can see, the certificat is now up to date. But with a quick view I found two todo's:
1. With https the previews of all art's are broken:
how it is now:
https://opengameart.org/sites/default/files/styles/watermarked/public/st...
How it should be:
https://opengameart.org/sites/default/files/styles/thumbnail/public/Prev...
2.
The login is not with forced https.
Currently the login credentials are sent with http and the user never sees https, if he starts with http. In addition to this if he manually goes to https and is logged in at http, he will not be logged in at https.
Yes, it is true! The complete loginprocess is handled via http, and afterwards no secure connection is used, ever! Therfore you see no warning, because no SSL-Cert is ever loaded to secure the connection... Just look at the current url you are on!
Visit https://opengameart.org/ for secure connection...