Post by StevenNL2000 on May 6, 2018 11:30:09 GMT
This is not an information thread. I am specifically looking for development ideas.
After a thread by thecjgcjg, I spent a few hours fixing all mixed content errors our themes were giving, so this forum is now fully HTTPS ready1. You can currently use it by manually navigating to the secure version, but the next step is of course to make everyone use it by default. ProBoards does not give you any support or tools for doing so, so we have to make up our own solution. Here are a few things I already considered:
[li]Change all internal links on all pages to HTTPS[/li]This would work great if we could do it server-side, but we can't, and as you can probably expect, modifying the HTML in 200 places client-side doesn't work very smoothly.
[li]Change all internal links that we can modify server-side on all pages to HTTPS[/li]There are surprisingly few of these. Most internal links are relative, which means they don't specify a protocol at all, and for God knows what reason, there are even a few we can't modify that explicitly link to HTTP.
[/ul]
To show what kind of solution you should think of, ProBoards gives us access to the following things:
Using custom themes, we can modify the HTML and CSS of all pages2, including removing the default.
Using custom plugins, we can modify the JavaScript (we do have jQuery) of all pages2, but not including removing the default.
1: I've extensively tested the forums and found two pages in the admin panel that break in a way we can't fix. I don't consider these high priority because they aren't pages you need every day, and you can simply turn HTTPS off when you do.
2: With the exception of the admin panel. As mentioned in note 1, I don't consider that a problem.
After a thread by thecjgcjg, I spent a few hours fixing all mixed content errors our themes were giving, so this forum is now fully HTTPS ready1. You can currently use it by manually navigating to the secure version, but the next step is of course to make everyone use it by default. ProBoards does not give you any support or tools for doing so, so we have to make up our own solution. Here are a few things I already considered:
- Make all HTTP pages redirect to HTTPS when you visit them using HTTP headers
- Make all HTTP pages redirect to HTTPS when you visit them using JavaScript
[li]Change all internal links on all pages to HTTPS[/li]This would work great if we could do it server-side, but we can't, and as you can probably expect, modifying the HTML in 200 places client-side doesn't work very smoothly.
[li]Change all internal links that we can modify server-side on all pages to HTTPS[/li]There are surprisingly few of these. Most internal links are relative, which means they don't specify a protocol at all, and for God knows what reason, there are even a few we can't modify that explicitly link to HTTP.
[/ul]
To show what kind of solution you should think of, ProBoards gives us access to the following things:
Using custom themes, we can modify the HTML and CSS of all pages2, including removing the default.
Using custom plugins, we can modify the JavaScript (we do have jQuery) of all pages2, but not including removing the default.
1: I've extensively tested the forums and found two pages in the admin panel that break in a way we can't fix. I don't consider these high priority because they aren't pages you need every day, and you can simply turn HTTPS off when you do.
2: With the exception of the admin panel. As mentioned in note 1, I don't consider that a problem.