Mixed Content in Forum
-
Heho.
Google Chrome throws this message:
Mixed Content: The page at 'https://forum.fracturedmmo.com/unread' was loaded over HTTPS, but >requested an insecure XMLHttpRequest endpoint 'http://status.fracturedmmo.com/'. This request has been >blocked; the content must be served over HTTPS.
Its a little bit strange, if you open https://status.fracturedmmo.com/ , you'll get a HTTP-Login Message.
It would be better if the Request is added in https, because modern browsers will block http-requests on https pages. This removes the "green" lock out of the adressbar of google chrome and shows a security message.
Greetings RogueThorn.
PS: there are also some websocket errors.
socket.io.js:2 WebSocket connection to 'wss://forum.fracturedmmo.com/socket.io/?>EIO=3&transport=websocket&sid=_YiuuYFfk_rsx2bMAAA' failed: Error during WebSocket handshake: >Unexpected response code: 500
-
@roguethorn I didn't fully understand what you were talking about, but there was a thing. Simply forum is in technical care, and this in turn means, that soon will news
-
Sometimes the forum calls a script from status.fracturedmmo.com , this is not always included in the page, but if this script is called I'll get the message "Mixed Content: The page at 'https://forum.fracturedmmo.com/unread' was loaded over HTTPS [...] This request has been blocked"
I can't reproduce it properly, but it happens time to time. Then my browser says the website is insecure.
-
@roguethorn said in Mixed Content in Forum:
Sometimes the forum calls a script from status.fracturedmmo.com , this is not always included in the page, but if this script is called I'll get the message "Mixed Content: The page at 'https://forum.fracturedmmo.com/unread' was loaded over HTTPS [...] This request has been blocked"
I can't reproduce it properly, but it happens time to time. Then my browser says the website is insecure.
status.fracturedmmo.com is hosted at a 3rd party service (exana.io) so the sub-domain is a CNAME to them. Not sure if they're using the free version or paid version but the paid version can do SSL certs.
I've never seen the warning on the forums about mixed content.
-
@kellewic I had it today 3 times in a row. I don't know when this script is inserted.
