1. Feeling creative, Guest? ImDeity Creative World is for you!
    With 6 ranks and plots from 32x32 up to 512x512!
    Type /creative to join!
    Dismiss Notice
  2. Vote for the server daily! Vote for 200 coin!
    Dismiss Notice
  3. Guest, do you have too much extra loot? Create an auction!
    The ImDeity Auction System is like free Dei!
    Goto Portal > Auction to create and bid on items!
    Dismiss Notice

Bug: HTTPS is breaking things

Discussion in 'Help / Support / Guides' started by MasahiroRina, March 25, 2017.

  1. MasahiroRina

    MasahiroRina

    • Gold
    Joined:
    May 30, 2015
    Messages:
    140
    Likes Received:
    136
    Trophy Points:
    138
    In-Game Name:
    MasahiroRina
    It's not something I pay attention to. A little icon on the right-hand side of my address bar. What it means is that something like Flash or JavaScript is blocked. I don't notice it.

    Until I can't submit a post, or make a comment on a profile, or talk in the webchat.

    Even then, it's not the first thing I think to troubleshoot. I don't expect the security of this website's scripts to come into question. I don't expect this website to question the security of anything. I don't expect this website to be secure.

    But for some reason, it is.
     
  2. smcallah

    smcallah

    • Administrator
    Joined:
    April 17, 2011
    Messages:
    2,154
    Likes Received:
    2,761
    Trophy Points:
    493
    In-Game Name:
    smcallah
    HTTPS is important for any website that you use a username and password to login to. Otherwise, they are sent in plain text and can easily be read.
     
  3. ImDeity

    ImDeity

    • Administrator
    Joined:
    January 9, 2011
    Messages:
    1,227
    Likes Received:
    3,466
    Trophy Points:
    538
    In-Game Name:
    ImDeity
    As @smcallah mentioned, its done for security. A recent update to the Chrome browser gives warnings if you try to type in a password into a non HTTPS website so I set up an SSL certificate.

    I had updated most of the custom code to use HTTPS but Xenforo (our forum software) was redirecting some pages to the non-secure version which was causing problems.

    I've made some changes to the Xenforo instance now so it should stop redirecting to the non-secure site (which should fix a number of bugs you mentioned). Let me know if you're still having issues on a particular page.
     
  4. MasahiroRina

    MasahiroRina

    • Gold
    Joined:
    May 30, 2015
    Messages:
    140
    Likes Received:
    136
    Trophy Points:
    138
    In-Game Name:
    MasahiroRina
    Ah, I see. I was wondering as to the "why". I used to use this site to escape from captive portals' automatic security error, but finding a new non-secure website shouldn't be too hard.

    On my Windows 10 PC, I updated Chrome and cleared all my caches. However, all forum pages, profile pages, and Chat are still trying to load "scripts from unauthenticated sources", which is still causing my bugs. When I click "load unsafe scripts", the header changes to "not secure".

    If I'm not logged in, the forum still defaults to http, and when I try to log in, the header changes to Not Secure. If I manually change the prefix to https, the script icon pops up like before.

    Interestingly, cookies don't seem to be checked the first time the site is typed into any new tab. A refresh is required to "log in" if I'm logged into another tab. Another weird tab thing is that once I've loaded "unsafe" scripts in one tab, they remain loaded as I navigate the site, but if I open a link in a new tab, it will not load "unsafe" scripts in that tab.

    On my phone, loading the site works fine, but logging in brings up the security error. "Proceed anyway" provides normal access to the site, with a red header. Scripts are loaded just fine.

    On Firefox (v39), it asked me to add a security exception on login and then worked every time after that.
     
    Last edited: March 28, 2017
  5. BarryX15

    BarryX15

    • Sponsor
    Joined:
    November 6, 2011
    Messages:
    889
    Likes Received:
    2,732
    Trophy Points:
    428
    In-Game Name:
    BarryX15
    I am not sure if this belongs here, but it isnt a proper bug report so why not... Since the monday/tuesday changes on the website, some strange behavior occurs:
    - When i start Firefox and open ImDeity.com website, i do not appear to be logged in.
    - Then i click the Chat link from menu, and i still do not appear to be logged in, but everything else works as for guest, chat history and players on the map are shown.
    - Then i click the Home link from menu, the main page loads and recognises me, and since then i am logged in and everything works fine, including sending a message from the webchat.
    So somewhere between clicking links to the chat and the main page the website recognises me.
     
  6. ImDeity

    ImDeity

    • Administrator
    Joined:
    January 9, 2011
    Messages:
    1,227
    Likes Received:
    3,466
    Trophy Points:
    538
    In-Game Name:
    ImDeity
    I think the login cookie isn't being remembered between HTTP and HTTPS connections. Try changing your ImDeity bookmark to goto https://imdeity.com and it should be consistent.
     
    BarryX15 likes this.
  7. BarryX15

    BarryX15

    • Sponsor
    Joined:
    November 6, 2011
    Messages:
    889
    Likes Received:
    2,732
    Trophy Points:
    428
    In-Game Name:
    BarryX15
    That worked. Thanks!
     
  8. JWCuber

    JWCuber

    • Diamond
    Joined:
    February 28, 2016
    Messages:
    97
    Likes Received:
    51
    Trophy Points:
    73
    In-Game Name:
    JWCuber
    After deity fixed the trophies it also fixed that unsafe message error. :)
     
  9. JWCuber

    JWCuber

    • Diamond
    Joined:
    February 28, 2016
    Messages:
    97
    Likes Received:
    51
    Trophy Points:
    73
    In-Game Name:
    JWCuber
    Nvm it's doing the unsafe error again :/
     
  10. ImDeity

    ImDeity

    • Administrator
    Joined:
    January 9, 2011
    Messages:
    1,227
    Likes Received:
    3,466
    Trophy Points:
    538
    In-Game Name:
    ImDeity
    Which browser and on which page?
     
  11. Vershye

    Vershye

    • Senior Moderator
    • Diamond
    Joined:
    September 26, 2011
    Messages:
    3,290
    Likes Received:
    2,988
    Trophy Points:
    468
    In-Game Name:
    Vershye
    Almost every forum page, and Opera, Chrome and the default Android browser on my phone. :)
     
  12. ImDeity

    ImDeity

    • Administrator
    Joined:
    January 9, 2011
    Messages:
    1,227
    Likes Received:
    3,466
    Trophy Points:
    538
    In-Game Name:
    ImDeity
    Hm weird, I use Chrome as my main browser and I'm not getting any breaking errors. I'll check it out with other browsers.
     
  13. smcallah

    smcallah

    • Administrator
    Joined:
    April 17, 2011
    Messages:
    2,154
    Likes Received:
    2,761
    Trophy Points:
    493
    In-Game Name:
    smcallah
    I'm using Chrome and I get that not secure notice. If I enable the blocked content, it appears to be the "Live Chat" script that is blocked.

    After enabling the blocked content, Live Chat (1) appears at the bottom of the page while viewing this forum post. The same thing happens in Firefox and Edge as well.
     
    JWCuber likes this.
  14. SharpyArcher

    SharpyArcher

    Joined:
    January 9, 2016
    Messages:
    226
    Likes Received:
    268
    Trophy Points:
    93
    In-Game Name:
    SharpyArcher
    I'm currently running an older computer, with Chrome. Chat does work there. I'm not sure if it's fully updated (I'm pretty sure it is), but just wanted to give a heads up.

    On my desktop however, I cannot run chat on Chrome, but I can run it on Edge. Instead of an error message, it just doesn't appear with chat. It tells me

    * Connected to DeityChat via Web

    * Server activated Chat

    As it normally would, but that's it.
     

Share This Page