Author |
Message |
|
Norton Safeweb (a browser extension) is flagging this website as a potential identity threat and phishing site. I can't imagine why that is, but thought I'd mention it to see if anyone else can confirm this. |
|
|
Dave  Send message
Joined: 13 Feb 12 Posts: 2611 ID: 130544 Credit: 822,286,079 RAC: 349,459
                    
|
http://www.primegrid.com/forum_thread.php?id=8507#128087 |
|
|
|
Not sure if it is related, but if I use HTTPS to go to the front page https://www.primegrid.com/ the words "Not secure" appear next to the prefix https://. If I use HTTPS to go to another page on the same domain, such as https://www.primegrid.com/forum_index.php, I see the padlock icon next to https:// indicating the site being secure. /JeppeSN |
|
|
Yves Gallot Volunteer developer Project scientist Send message
Joined: 19 Aug 12 Posts: 524 ID: 164101 Credit: 304,715,793 RAC: 6,946

|
http://www.primegrid.com/forum_thread.php?id=8507#128087
https://www.primegrid.com/forum_thread.php?id=8507#128087 |
|
|
dthonon Volunteer tester Send message
Joined: 6 Dec 17 Posts: 373 ID: 957147 Credit: 1,110,679,142 RAC: 406,441
                         
|
Not sure if it is related, but if I use HTTPS to go to the front page https://www.primegrid.com/ the words "Not secure" appear next to the prefix https://. If I use HTTPS to go to another page on the same domain, such as https://www.primegrid.com/forum_index.php, I see the padlock icon next to https:// indicating the site being secure. /JeppeSN
Firefox states that some parts, such as images, are not secure on the front page.
EDIT: my guess is that there is still some http:// content inside the page. |
|
|
Dave  Send message
Joined: 13 Feb 12 Posts: 2611 ID: 130544 Credit: 822,286,079 RAC: 349,459
                    
|
http://www.primegrid.com/forum_thread.php?id=8507#128087
https://www.primegrid.com/forum_thread.php?id=8507#128087
Ty Yves, I just added the extension to Chrome! |
|
|
Yves Gallot Volunteer developer Project scientist Send message
Joined: 19 Aug 12 Posts: 524 ID: 164101 Credit: 304,715,793 RAC: 6,946

|
my guess is that there is still some http:// content inside the page.
A link to http://prpnet.primegrid.com
|
|
|
dukebg Volunteer tester
 Send message
Joined: 21 Nov 17 Posts: 235 ID: 950482 Credit: 22,083,013 RAC: 0
                 
|
my guess is that there is still some http:// content inside the page.
A link to http://prpnet.primegrid.com
No, it's because of the images in the news post about the TdP.
(index):1019 Mixed Content: The page at 'https://www.primegrid.com/' was loaded over HTTPS, but requested an insecure image 'http://www.primegrid.com/img/badges/tdp_2019_yellow.png'. This content should also be served over HTTPS.
(index):1019 Mixed Content: The page at 'https://www.primegrid.com/' was loaded over HTTPS, but requested an insecure image 'http://www.primegrid.com/img/badges/tdp_2019_prime.png'. This content should also be served over HTTPS.
(index):1019 Mixed Content: The page at 'https://www.primegrid.com/' was loaded over HTTPS, but requested an insecure image 'http://www.primegrid.com/img/badges/tdp_2019_red.png'. This content should also be served over HTTPS.
(index):1019 Mixed Content: The page at 'https://www.primegrid.com/' was loaded over HTTPS, but requested an insecure image 'http://www.primegrid.com/img/badges/tdp_2019_mega.png'. This content should also be served over HTTPS.
(index):1019 Mixed Content: The page at 'https://www.primegrid.com/' was loaded over HTTPS, but requested an insecure image 'http://www.primegrid.com/img/badges/tdp_2019_green.png'. This content should also be served over HTTPS.
(index):1019 Mixed Content: The page at 'https://www.primegrid.com/' was loaded over HTTPS, but requested an insecure image 'http://www.primegrid.com/img/badges/tdp_2019_ms_prime.png'. This content should also be served over HTTPS.
(index):1019 Mixed Content: The page at 'https://www.primegrid.com/' was loaded over HTTPS, but requested an insecure image 'http://www.primegrid.com/img/badges/tdp_2019_polkadot.png'. This content should also be served over HTTPS.
(index):1019 Mixed Content: The page at 'https://www.primegrid.com/' was loaded over HTTPS, but requested an insecure image 'http://www.primegrid.com/img/badges/tdp_2019_ms_mega.png'. This content should also be served over HTTPS.
(index):1019 Mixed Content: The page at 'https://www.primegrid.com/' was loaded over HTTPS, but requested an insecure image 'http://www.primegrid.com/img/badges/tdp_2019_yellow.png'. This content should also be served over HTTPS.
(index):1019 Mixed Content: The page at 'https://www.primegrid.com/' was loaded over HTTPS, but requested an insecure image 'http://www.primegrid.com/img/badges/tdp_2019_prime.png'. This content should also be served over HTTPS.
(index):1019 Mixed Content: The page at 'https://www.primegrid.com/' was loaded over HTTPS, but requested an insecure image 'http://www.primegrid.com/img/badges/tdp_2019_red.png'. This content should also be served over HTTPS.
(index):1019 Mixed Content: The page at 'https://www.primegrid.com/' was loaded over HTTPS, but requested an insecure image 'http://www.primegrid.com/img/badges/tdp_2019_mega.png'. This content should also be served over HTTPS.
(index):1019 Mixed Content: The page at 'https://www.primegrid.com/' was loaded over HTTPS, but requested an insecure image 'http://www.primegrid.com/img/badges/tdp_2019_green.png'. This content should also be served over HTTPS.
(index):1019 Mixed Content: The page at 'https://www.primegrid.com/' was loaded over HTTPS, but requested an insecure image 'http://www.primegrid.com/img/badges/tdp_2019_ms_prime.png'. This content should also be served over HTTPS.
(index):1019 Mixed Content: The page at 'https://www.primegrid.com/' was loaded over HTTPS, but requested an insecure image 'http://www.primegrid.com/img/badges/tdp_2019_polkadot.png'. This content should also be served over HTTPS.
(index):1019 Mixed Content: The page at 'https://www.primegrid.com/' was loaded over HTTPS, but requested an insecure image 'http://www.primegrid.com/img/badges/tdp_2019_ms_mega.png'. This content should also be served over HTTPS. |
|
|
|
my guess is that there is still some http:// content inside the page.
it's because of the images in the news post about the TdP.
(index):1019 Mixed Content: The page at 'https://www.primegrid.com/' was loaded over HTTPS, but requested an insecure image 'http://www.primegrid.com/img/badges/tdp_2019_yellow.png'. This content should also be served over HTTPS.
[…]
It is true. If you have a forum post where someone inserts an image in the post using http:// then that page when requested with https:// is considered "not secure". The retrieval of the images could be surveilled etc.
Example: The entire thread https://www.primegrid.com/forum_thread.php?id=5858&nowrap=true contains an image (in a post by myself) over non-secure HTTP, so is not considered secure by a web browser. With my settings (where I show only the last 75 posts), the same thread without "nowrap" is considered secure: https://www.primegrid.com/forum_thread.php?id=5858
Those who make forum posts that will show up on the front page should use only HTTPS in their image URLs.
/JeppeSN |
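An added example, not part of the thread or the project's code: a small Node.js audit that resolves each image source against the page URL the way a browser does and reports the ones an HTTPS page would fetch over plain HTTP. The sample HTML is constructed (badge paths taken from the console output above), and the regex-based extraction is a simplification that assumes well-formed tags.

```javascript
// Added example: audit image sources for mixed content on an HTTPS page.
// SAMPLE_HTML is constructed input; it is not the real front page.
const PAGE_URL = 'https://www.primegrid.com/';
const SAMPLE_HTML = `
<img src="http://www.primegrid.com/img/badges/tdp_2019_yellow.png">
<img src='https://www.primegrid.com/img/badges/tdp_2019_prime.png'>
<img src="//www.primegrid.com/img/badges/tdp_2019_red.png">
<img src="/img/badges/tdp_2019_mega.png">
<a href="http://prpnet.primegrid.com">PRPNet</a>
`;

// Return the resolved URL of every <img> that an HTTPS page would fetch over HTTP.
// Plain <a href> links are navigations, not subresources, so they are not counted.
function findMixedImages(html, pageUrl) {
  const page = new URL(pageUrl);
  if (page.protocol !== 'https:') return []; // mixed content only exists on HTTPS pages
  const insecure = [];
  const imgSrc = /<img\b[^>]*?\bsrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi;
  for (const m of html.matchAll(imgSrc)) {
    const raw = m[1] ?? m[2] ?? m[3];
    let resolved;
    try {
      resolved = new URL(raw, page); // same resolution a browser applies to src
    } catch {
      continue; // unparsable src: nothing is fetched
    }
    if (resolved.protocol === 'http:') insecure.push(resolved.href);
  }
  return insecure;
}

console.log(findMixedImages(SAMPLE_HTML, PAGE_URL));
```

Only the absolute http:// image is reported; the protocol-relative and root-relative sources inherit https from the page.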
|
|
Michael Goetz Volunteer moderator Project administrator Project scientist
 Send message
Joined: 21 Jan 10 Posts: 13048 ID: 53948 Credit: 203,048,596 RAC: 85,796
                        
|
Those who make forum posts that will show up on the front page should use only HTTPS in their image URLs.
/JeppeSN
Can't.
We just have to live with the warnings.
____________
Please do not PM me with support questions. Ask on the forums instead. Thank you!
My lucky number is 75898524288+1 |
|
|
Vato Volunteer tester
 Send message
Joined: 2 Feb 08 Posts: 726 ID: 18447 Credit: 130,607,475 RAC: 406,856
                    
|
it's hard to enforce a shift to https only, at least when you have user generated content. the same applies to the boinc-client itself, which still uses http for various things.
i still get the mixed insecure icon in firefox, despite the https-everywhere plugin dynamically rewriting everything to https. (the default rules for this plugin know that primegrid is safe for this)
____________
|
|
|
stream Volunteer developer Volunteer tester Send message
Joined: 1 Mar 14 Posts: 580 ID: 301928 Credit: 451,697,040 RAC: 86
                     
|
Generally, full references should be avoided if you're referring to the same site (e.g. to another thread or to pictures hosted here). Thou shalt not write "http://www.primegrid.com/pics/mypic.jpg", use "/pics/mypic.jpg" instead. The browser will automatically substitute the current host name and protocol.
But the current forum code seems to be broken (or some patches from the old site were not merged). It does not support relative links in "url" tags now. When used, it will generate broken links.
Of course it's not possible to force all users to follow this rule, but at least the main page and news posted by admins could be written in the correct style.
|
|
|
|
About HTTPS Everywhere, I have the EASE option enabled and have not received any warnings since. On the topic of non-HTTPS image links, I have seen forums use a kind of in-site proxying, where images are proxied through the site's CDN, so that the users are left unexposed. Ultimately, I don't think such a measure is remotely necessary, but it is something to think about, as it could even improve load times (through caching). |
|
|
Michael Goetz Volunteer moderator Project administrator Project scientist
 Send message
Joined: 21 Jan 10 Posts: 13048 ID: 53948 Credit: 203,048,596 RAC: 85,796
                        
|
And then there's the obvious: TdP is over and that announcement should have been removed. It's gone now.
There WAS a limitation of the forum code (old server) that prevented you from using relative links or https for images. Using http was the only option.
They all seem to work now so we'll use https in the future:
http:
http://www.primegrid.com/img/badges/genefer_turquoise.png
https:
https://www.primegrid.com/img/badges/genefer_turquoise.png
relative:
//www.primegrid.com/img/badges/genefer_turquoise.png
relative:
/img/badges/genefer_turquoise.png
|
|
stream Volunteer developer Volunteer tester Send message
Joined: 1 Mar 14 Posts: 580 ID: 301928 Credit: 451,697,040 RAC: 86
                     
|
There WAS a limitation of the forum code (old server) that prevented you from using relative links or https for images. Using http was the only option.
They all seem to work now so we'll use https in the future:
I've noticed this in "url" tags first. Try this:
[url]/forum_forum.php?id=38[/url]
Yes, it's not possible to force all users to make it the right way, but it's impossible to make it right for those who care.
|
|
|
Michael Goetz Volunteer moderator Project administrator Project scientist
 Send message
Joined: 21 Jan 10 Posts: 13048 ID: 53948 Credit: 203,048,596 RAC: 85,796
                        
|
And then there's the obvious: TdP is over and that announcement should have been removed. It's gone now.
There WAS a limitation of the forum code (old server) that prevented you from using relative links or https for images. Using http was the only option.
They all seem to work now so we'll use https in the future:
http:
http://www.primegrid.com/img/badges/genefer_turquoise.png
https:
https://www.primegrid.com/img/badges/genefer_turquoise.png
relative:
//www.primegrid.com/img/badges/genefer_turquoise.png
relative:
/img/badges/genefer_turquoise.png
I probably should have tested the url (and url=) tags as well as the img tags. Here goes:
https:
https://www.primegrid.com/server_status.php
https://www.primegrid.com/server_status.php
link
http:
http://www.primegrid.com/server_status.php
http://www.primegrid.com/server_status.php
link
relative:
//www.primegrid.com/server_status.php
http:////www.primegrid.com/server_status.php *** Notice the "http:////" It still works.
link
relative: *** does not work
/server_status.php
http:///server_status.php
link
Bottom line:
With IMG tags, everything works the way you expect it to work.
With URL tags, if you specify the fully qualified URL, the forums retain whichever protocol you used (http or https). If you use relative URLs, the behavior is a bit strange. If you leave off the protocol, http (not https) gets used all the time. If you leave off the domain, it fails.
|
|
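An added example, not the forum's code: the four link forms tested in the post above, run through a hypothetical reconstruction of the observed behaviour (prefix http:// when the target has no scheme) and through standard URL resolution against the page. The function names and the prefixing rule are assumptions chosen to reproduce the reported hrefs.

```javascript
// Added example. observedHref() is a hypothetical reconstruction that
// reproduces the hrefs reported in the thread; it is not the forum's code.
const BASE_URL = 'https://www.primegrid.com/forum_thread.php?id=8507';

// Assumed behaviour: prefix "http://" whenever the target has no scheme.
function observedHref(target) {
  return /^[a-z][a-z0-9+.-]*:/i.test(target) ? target : 'http://' + target;
}

// Corrected form: resolve against the page URL as a browser would,
// and accept only http(s) results.
function resolvedHref(target, pageUrl) {
  let url;
  try {
    url = new URL(target, pageUrl);
  } catch {
    return null;
  }
  return url.protocol === 'http:' || url.protocol === 'https:' ? url.href : null;
}

// Scheme, host and path the browser actually requests for a given href.
function destination(href) {
  const url = new URL(href);
  return `${url.protocol}//${url.host}${url.pathname}`;
}

const TARGETS = [
  'https://www.primegrid.com/server_status.php',
  'http://www.primegrid.com/server_status.php',
  '//www.primegrid.com/server_status.php',
  '/server_status.php',
];

function compare(targets, pageUrl) {
  return targets.map((t) => ({
    target: t,
    observed: destination(observedHref(t)),
    corrected: resolvedHref(t, pageUrl),
  }));
}

console.table(compare(TARGETS, BASE_URL));
```

The WHATWG URL parser drops the extra slashes after http:, so http:////www.primegrid.com/server_status.php still reaches the right host, but over plain HTTP, while http:///server_status.php is read as a host named server_status.php. Resolving against the page URL gives https://www.primegrid.com/server_status.php for both relative forms.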