SSL'ed domain, but /home isnt secured. Other links are

Oliver Mankewitz Posted in Technical Support 1 month ago

Me again.
I secured my domain via letsencrypt. All links within my website are secured accept the "<mydomain>/home" (entrance) link. I have no clue why is that.
Maybe someone can enlighten me?

Regards,
Oliver

Replies
us Olivia miller Replied 4 weeks ago
German Oliver Mankewitz Replied 1 month ago

Hi, Arsalan!

Yes, I can confirm that there is a post with an unseucre Link (http instead of https).
I changed the value in ossn_comp.php and the Preview pic disappeared.
Tried to fix that by adding 's' to the link but this didnt worked because of a self signed cert of the linked site, I guess.
Thank you very much.

Regards,
Oliver

German Arsalan Shah Replied 1 month ago

any feedback on this?

German Arsalan Shah Replied 1 month ago

Ok i have tried to debug it on your website and i found because many links used in your website are not https by means you are using LinkPreview component and your members entered links without https, so images fetched from them are not on https, you can change the behavior of the component by editing

components\LinkPreview\ossn_com.php

Changing

define('LinkPreview_ShowMixedContents', true);

To

define('LinkPreview_ShowMixedContents', false);
German Oliver Mankewitz Replied 1 month ago

Hi, Zett!
I tried this before I asked here!
I disabled cache, enabled cache, emptied the cache, emptied browser cache.... it doesnt matter. The /home -link stays insecure.

Oliver

German ~Z~ Man Replied 1 month ago

Ok, just had a look at your /home
and the browser developer network tab shows that indeed a lot of avatar images are fetched the insecure way,
that's why the complete connection is show as 'insecure'.
Looks like you did not disable cache correctly?!

So please disable cache from your Ossn admin panel, return to /home and verify whether this makes a difference.

German Oliver Mankewitz Replied 1 month ago

Yes, thats because I want to control who will get access to the site.
But receiving E-mails (or not) doesnt has to do with the SSl thingie, doesnt it?
Its strange that ALL other links are working SSL'ed. Only the entrance is (apparently not secured.

Regards,
Oliver

German ~Z~ Man Replied 1 month ago

okay, got the mail now, but activation is still pending from your side

German ~Z~ Man Replied 1 month ago

No idea.
Just created an account but got no activation mail.

German Oliver Mankewitz Replied 1 month ago

Yep. Checked.
It is

$Ossn->url = 'https://mydomain/';

SSL connection worked fine in v5.1.
Dunno what changed.

Regards,