Author Topic: "This page is trying to load scripts from an unauthenticated source" warning  (Read 19897 times)


Offline jr2

  • The Mail Man
  • 212
  • It's prounounced jayartoo 0x6A7232
    • Steam
"This page is trying to load scripts from an unauthenticated source" warning
Warning shows in the right side of the URL bar in Chrome 69.0.3497.100

[attachment stolen by Russian hackers]

 

Offline Goober5000

  • HLP Loremaster
  • 214
    • Goober5000 Productions
Re: "This page is trying to load scripts from an unauthenticated source" warning
This could be related to our ongoing https issues.  I've added it to our internal issue tracker.

 

Offline ngld

  • Administrator
  • 29
  • Knossos dev
Re: "This page is trying to load scripts from an unauthenticated source" warning
Should be gone now. I've disabled the old Google AdSense stuff that caused it. Let me know if the warning still appears anywhere.

 

Offline PIe

  • 28
  • GTVA POLICE
    • freespace3.com
Re: "This page is trying to load scripts from an unauthenticated source" warning
It's not a script but Firefox still warns about mixed content.  It looks like avatars are loaded over HTTP.
[6:23 PM] PIe: why do I have the feeling that I shouldn't be able to give orders to 22nd armored hq
[6:24 PM] Axem: 22nd armored hq, i order you to get me a cup of coffee
[6:24 PM] PIe: and donuts
[6:24 PM] PIe: BECAUSE THIS IS THE GTVA POLICE
[6:25 PM] Axem: :O
[6:25 PM] Axem: am i under arrest
[6:26 PM] [`_`]/: no, just please step out of the myrmidon
[6:26 PM] [`_`]/: you have so much to fred for

[9:50 PM] Sottises: wait did you do vassago's verge?
[9:50 PM] Sottises: .. dirge?
[9:50 PM] Axem: yes
[9:50 PM] Sottises: ohh
[9:50 PM] Sottises: well I have that and JAD too
[9:50 PM] Axem: :)
[9:50 PM] Sottises: what a contrast of themes lmao
[9:50 PM] Axem: isnt it
[9:51 PM] Axem: super grimdark thriller about unknowable alien intelligence and over the top colorful action about friendship
[9:51 PM] PIe: jad is grimdark???
[9:51 PM] Axem: :skull:

 

Offline ngld

  • Administrator
  • 29
  • Knossos dev
Re: "This page is trying to load scripts from an unauthenticated source" warning
Thanks, it's fixed now. You might still see mixed content warnings on some posts which embed images with http:// URLs, though.

 

Offline jr2

  • The Mail Man
  • 212
  • It's prounounced jayartoo 0x6A7232
    • Steam
Re: "This page is trying to load scripts from an unauthenticated source" warning
Quote from: ngld
"Thanks, it's fixed now. You might still see mixed content warnings on some posts which embed images with http:// URLs, though."

Can that be fixed by setting a policy to always substitute https instead of http, and only fall back on http if https fails?

 

Offline ngld

  • Administrator
  • 29
  • Knossos dev
Re: "This page is trying to load scripts from an unauthenticated source" warning
That's not something that browsers support and implementing that on the server would slow down the forum. We could however send a header to tell the browser not to send a referrer for images loaded over http. That way no important information would leak (without that change someone reading your internet traffic could potentially figure out which topics you read... which isn't a big deal anyway IMO).

Also, allowing stuff to fall back to http:// makes the whole effort pretty pointless since a hypothetical attacker could then just block port 443 and still read everything.

 

Offline PIe

  • 28
  • GTVA POLICE
    • freespace3.com
Re: "This page is trying to load scripts from an unauthenticated source" warning
The Neith highlight image (hosted on hard-light.net) is loaded over HTTP.
Regarding upgrading HTTP requests, I could be wrong but isn't that what the HTTPS Everywhere extension does?

 

Offline ngld

  • Administrator
  • 29
  • Knossos dev
Re: "This page is trying to load scripts from an unauthenticated source" warning
The highlight post contains the http:// URL which leads to the image being loaded over HTTP. I could fix this manually (by editing the post) but that leaves out all the other images with the same problem. IMO we need an automated solution for this. A list of image hosters which support HTTPS could then be used in the BBCode parser to automatically rewrite the URLs to https://. That still doesn't solve the issue for images on hosters who don't support HTTPS though I don't know how many of those are still out there...
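
A sketch of the allowlist rewrite described in the post above, as an added example that is not part of the thread and not the forum's actual Subs.php code. The function names, the sample post and the example.* hosts are constructed, and treating hard-light.net as HTTPS-capable is an assumption based on the forum itself being served over HTTPS.

```php
<?php
// Hosts assumed to serve the same images over HTTPS. hard-light.net is the
// host named in the thread; img.example.org is a constructed placeholder.
const HTTPS_CAPABLE_IMAGE_HOSTS = ['hard-light.net', 'img.example.org'];

// True if $host is an allowlisted host or a subdomain of one.
function host_supports_https(string $host, array $allowlist): bool
{
    $host = strtolower(rtrim($host, '.'));
    foreach ($allowlist as $allowed) {
        $suffix = '.' . $allowed;
        // The leading dot keeps "nothard-light.net" from matching.
        if ($host === $allowed || substr($host, -strlen($suffix)) === $suffix) {
            return true;
        }
    }
    return false;
}

// Rewrite [img]http://...[/img] to https:// only for allowlisted hosts.
function upgrade_img_urls(string $bbcode, array $allowlist): string
{
    $pattern = '~\[img([^\]]*)\]\s*(http://[^\s\[\]]+)\s*\[/img\]~i';
    $result = preg_replace_callback($pattern, function (array $m) use ($allowlist): string {
        $host = parse_url($m[2], PHP_URL_HOST);
        $port = parse_url($m[2], PHP_URL_PORT);
        // Leave the tag alone if the host is unknown, or if an explicit port
        // is given (an HTTP port will not normally speak TLS).
        if (!is_string($host) || $port !== null
            || !host_supports_https($host, $allowlist)) {
            return $m[0];
        }
        $url = 'https://' . substr($m[2], strlen('http://'));
        return '[img' . $m[1] . ']' . $url . '[/img]';
    }, $bbcode);
    return $result ?? $bbcode; // on a regex error, keep the post unchanged
}

// Constructed sample post: one upgradable URL, one with a port, one unknown host.
$post = "[img]http://www.hard-light.net/a.png[/img]\n"
      . "[img width=100]http://img.example.org:8080/b.png[/img]\n"
      . "[img]http://old-host.example.net/c.gif[/img]";
echo upgrade_img_urls($post, HTTPS_CAPABLE_IMAGE_HOSTS), "\n";
```

Only the first tag is rewritten; the other two stay on http:// and would still trigger the mixed content warning, which is the remaining case the post mentions.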

 

Offline Goober5000

  • HLP Loremaster
  • 214
    • Goober5000 Productions
Re: "This page is trying to load scripts from an unauthenticated source" warning
There were several places in the BBCode parser in Subs.php which explicitly specified HTTP when they constructed a URL.  I changed this to use the protocol-agnostic // in those cases.  This fixes the problem which kept P3D files from being displayed, so maybe it will fix other things as well.

 

Offline jr2

  • The Mail Man
  • 212
  • It's prounounced jayartoo 0x6A7232
    • Steam
Re: "This page is trying to load scripts from an unauthenticated source" warning
Quote from: Goober5000
"This fixes the problem which kept P3D files from being displayed, so maybe it will fix other things as well."

Hey, does that warrant a highlight?  :lol:  (no, seriously, does it?  :nervous: )

 

Offline Goober5000

  • HLP Loremaster
  • 214
    • Goober5000 Productions
Re: "This page is trying to load scripts from an unauthenticated source" warning
No, but thanks. :D