Site Comments & Suggestions

New connection not secure warnings?

  • Last Updated:
  • Apr 14th, 2017 5:48 pm
[OP]
Deal Fanatic
Oct 23, 2004
5082 posts
1560 upvotes
Toronto

New connection not secure warnings?

Not sure if this is related to the ongoing login issues as I'm able to login but this is the first time I'm ever seeing this warning when logging in. Anyone else?

Image

Seems if I manually add "HTTPS" to the forum URL, it becomes secure, but once I login and start browsing the unsecure icon is showing in Firefox
7 replies
Penalty Box
Jan 29, 2016
377 posts
525 upvotes
New Caledonia
It's taken them weeks to try to fix this... actually, at this point I don't think they ever even tried. Lazy or incompetent... pick one.
HOT DEAL ALERT: 661,000 stolen emails, usernames and unencrypted passwords from a Canadian deals website, compromised due to administrator incompetence and general apathy towards users! Order now!
Member
User avatar
Sep 26, 2010
422 posts
130 upvotes
Toronto
georvu wrote:
Apr 10th, 2017 9:17 pm
RFD needs to update certificate... browsers announced this last year I believe.
https://developer.mozilla.org/en-US/doc ... _passwords

https://support.google.com/chrome/answe ... cator&rd=1
Our certs are fine - the issue is that the form is loaded over an insecure connection. As the links you posted say, this means that somebody could have intercepted it and messed with our page, even though it submits to https.

We've known about that issue for quite some time, and are working towards a solution. In recent months, the forums started allowing users to browse with https. It's not perfect, but at least the initial page load is secure.

As the OP mentioned, the solution is to use https:// instead. Our next release (due in about 3 weeks) will allow you to use https:// on www.redflagdeals.com if you choose, but we won't send the Strict-Transport-Security header yet, nor redirect you to https://.

Our eventual goal is to move to full https. This will make that very aggressive notification in Firefox go away. On a site as big as RFD, we have a lot of things to think about - the largest being SEO. It's taken a long time to even get the SEO team on board, much less actively helping us to switch over. They've finally seen the light and it's happening.

For the last 2 months we've been picking away at all the issues - making sure you will get that nice green lock in the address bar. It's coming, but it isn't as easy as flipping a switch.
[OP]
Deal Fanatic
Oct 23, 2004
5082 posts
1560 upvotes
Toronto
tylerversion2 wrote:
Apr 11th, 2017 10:57 am
For the last 2 months we've been picking away at all the issues - making sure you will get that nice green lock in the address bar. It's coming, but it isn't as easy as flipping a switch.
thank you for the reply and info Tyler
Deal Addict
Feb 4, 2015
2401 posts
393 upvotes
tylerversion2 wrote:
Apr 11th, 2017 10:57 am
Our certs are fine - the issue is that the form is loaded over an insecure connection. As the links you posted say, this means that somebody could have intercepted it and messed with our page, even though it submits to https.

We've known about that issue for quite some time, and are working towards a solution. In recent months, the forums started allowing users to browse with https. It's not perfect, but at least the initial page load is secure.

As the OP mentioned, the solution is to use https:// instead. Our next release (due in about 3 weeks) will allow you to use https:// on www.redflagdeals.com if you choose, but we won't send the Strict-Transport-Security header yet, nor redirect you to https://.

Our eventual goal is to move to full https. This will make that very aggressive notification in Firefox go away. On a site as big as RFD, we have a lot of things to think about - the largest being SEO. It's taken a long time to even get the SEO team on board, much less actively helping us to switch over. They've finally seen the light and it's happening.

For the last 2 months we've been picking away at all the issues - making sure you will get that nice green lock in the address bar. It's coming, but it isn't as easy as flipping a switch.
Thanks for update :)
Deal Addict
Dec 5, 2006
4159 posts
360 upvotes
Markham
I found firefox warning is annoying, I just disabled it. It is nice to have warning, but in most case, what can I do?

Top