[X] My Assistant

Was wondering where the old pages went

Bad HTTPS, forum uses resources from non-safe websites

Bad HTTPS, forum uses resources from non-safe websites

The forum does not, but user posts may. The alternative is banning external images, which did not seem like a reasonable tradeoff.

The forum does not, but user posts may. The alternative is banning external images, which did not seem like a reasonable tradeoff.

Imgur supports https, perhaps run a script to convert all http links to imgur on the forum to https? Especially the user signatures, for example page 9 of this topic shows mixed content warnings because of 3 user signatures linking to http imgur, and a broken link to imageshack.

Is that even a proper security issue?

Is that even a proper security issue?

Not really. Mixed content warning on images does not hit any viable backdoors/bugs. The forums do not support SVG for example.

For SVG see this: [security.stackexchange.com] https://security.stackexchange.com/question...-img-src-xss-do .

The only thing is that a Referer: header is leaked out of the HTTPS. But, unless you are using DNSSEC (which is still in development), your ISP already has that info. Also, all modern browsers refuse to send a Referer: header to HTTPS on an HTTP connection, so it is a moot point.

Imgur supports https, perhaps run a script to convert all http links to imgur on the forum to https? Especially the user signatures, for example page 9 of this topic shows mixed content warnings because of 3 user signatures linking to http imgur, and a broken link to imageshack.

You better solve this via browser extension (HTTPS Everywhere, Smart HTTPS, custom rules in Redirector) than ask every site's admin to convert imgur and other external links to https.

If you're using Chrome/ium or one of its derivatives, you can navigate to chrome://net-internals/#hsts (can't link to it, the invisible broads won't let me) and manually add imgur and its subdomains (imgur.com, i.imgur.com, etc.) to the browser's HSTS list (which should force HTTP requests on said domains to be converted to HTTPS)
The browser may still raise a mixed-content warning in the console, but the requests should be delivered via HTTPS

[blog.imgur.com] Imgur defaults to https now

Letsencrypt is going to issue wildcard certificates...Maybe this is useful for h@h network, am I too obsessed with that green lock?

Letsencrypt is going to issue wildcard certificates...Maybe this is useful for h@h network

It isn't, at least not to anywhere near the same extent as the regular servers.

From the wiki (didn't write this so blame whoever did if it's wrong):

Is H@H traffic encrypted?
No.

If people are worried about H@H stuff, might want to not get a client at all. Once you get one, it'll stay even if it dies.

Really great update. Thanks a lot! (IMG:[invalid] style_emoticons/default/biggrin.gif)

Sorry for stupid question

But what happened with galleries in g.e-hentai.org? All of them redirected to e. or just be deleted?

Coz i cannot find some of doji and think than they was only at g.e-

Nothing is exclusive to any subdomain.

Really? But i see many times this answer:

"This gallery has been removed or is unavailable.

You will be redirected to the front page momentarily."

When exist g.e and e. hentai it was mean that these gallery located only at g.e. But right now, if there is no exclusive, where this gallery removed?
In what place???

(IMG:[invalid] style_emoticons/default/sad.gif) don't know whether someone mentioned this before, when i view any image of any gallery, the browser got a 307 redirect code to use https connection but the server cannot provide https connection to it. as a result, all the images failed to load.
tried to copy the image link(without using ssl) and open it in a new tab, the image can be loaded.

(IMG:[invalid] style_emoticons/default/sad.gif) don't know whether someone mentioned this before, when i view any image of any gallery, the browser got a 307 redirect code to use https connection but the server cannot provide https connection to it. as a result, all the images failed to load.
tried to copy the image link(without using ssl) and open it in a new tab, the image can be loaded.

Galleries will never use a 307 Temporary Redirect. Disable all your extensions and/or use a different browser.

This is probably an issue with Firefox Nightly where it will forcefully upgrade HTTP passive mixed content to HTTPS and doesn't fallback if it fails.
Change security.mixed_content.upgrade_display_content to false in about:config meanwhile.

Change security.mixed_content.upgrade_display_content to false in about:config meanwhile.

I can confirm the problem and your fix. Since this happened to me after a regular Firefox nightly update I expect many more reports soon...

This post has been edited by thrade: Feb 24 2018, 01:10