Forum still uses HTTP rather than HTTPS

Posted on
  • Hello Gordon,

    I just noticed that the forum still uses HTTP rather than HTTPS - which may make it difficult to use modern browsers in the near future.

    Since espruino.com already uses HTTPS, it should not be difficult to get a certificate (just add forum.espruino.com as an "alternative subject name".

    What remains may a configuration change of port 80 to 443 and to load certificate and private key in your forum software.

    From then on, you should not have to care about browser security restrictions for quite a while, I'd guess.

    With greetings from Germany,

    Andreas Rozek

  • Hi,

    Thanks - yes, the issue is actually that I don't host the forum myself (it uses https://microco.sm/) so it's not quite so easy to change the certificates. I'll have to get in touch with the developers.

    Web browsers aren't going to start actively blocking HTTP are they? All the sign-in is handled by Auth0 (which is HTTPS) so using bare HTTP isn't a huge security risk.

  • I can't predict when people will no longer be able to use HTTP. What I am observing is that Google Chrome is raising the bar continuously, e.g., by introducing concepts like "Content Security Policies" or disallowing self-signed certificates etc.

    If you start with the preparations to migrate to HTTPS soon enough you won't have to worry about the time it will take and will instead be prepared for the final switch.

  • Thanks, yes, that's true.

    However I'm also a little concerned about the current search performance of the forum - it may be Google pushing HTTP results down the list, but it could be something else about this forum. I am wondering about swapping to something else at some point which I host - specifically if we at least have the option of more of a Stack Overflow Q&A so the actual helpful posts don't get buried amongst 'me too' type replies

  • please do not consider a discourse(.org) type forum - this awful style gets overused lately

  • I'm with you on that - I hate those too :)

  • Post a reply
    • Bold
    • Italics
    • Link
    • Image
    • List
    • Quote
    • code
    • Preview
About

Forum still uses HTTP rather than HTTPS

Posted by Avatar for Andreas_Rozek @Andreas_Rozek

Actions