It is currently Wed Apr 08, 2020 2:57 am

All times are UTC - 6 hours




Post new topic Reply to topic  [ 51 posts ]  Go to page Previous  1, 2, 3, 4  Next
Author Message
 
PostPosted: Thu Jan 02, 2020 9:17 am 
Offline

Joined: Mon Aug 13, 2007 2:04 am
Posts: 1252
Location: Mercia
Seems fairly common for browsers not to show details of the URL. I think they often show a little lock if it's HTTPS and something else (iPad says 'Not Secure') for HTTP.

I don't get the banner ads in Safari with HTTPS but do with HTTP. I have an ad blocker on the PC so Dale isn't getting any crumbs from me now. I see that quite a few ad-funded sites are now showing a donate button if they detect an ad blocker


Top
 Profile  
Reply with quote  
 
PostPosted: Thu Jan 02, 2020 4:44 pm 
Offline
Moderatorer
User avatar

Joined: Wed Dec 18, 2002 6:00 pm
Posts: 35220
Location: Minneapolis
david_h wrote:
I think they often show a little lock if it's HTTPS ...

Right, that's what I've got now. So that clears that up.

david_h wrote:
I don't get the banner ads in Safari with HTTPS but do with HTTP.

That must be the difference, then. I used to run an ad blocker, but when I got my new laptop I didn't bother, so I must assume that seeing the C&F banner ads has had everything to do with the site not being secure.

I'm still not too happy about the avatars being blocked.

_________________
"Time is the wisest counselor of all." - Pericles

"I remain not entirely convinced of it." - Nano


Top
 Profile  
Reply with quote  
 
PostPosted: Fri Jan 03, 2020 2:34 pm 
Offline

Joined: Sun Dec 05, 2010 2:59 pm
Posts: 1054
Location: Southwestern Ontario
Very curious. Open this link in another browser tab, https://forums.chiffandfipple.com/download/file.php?avatar=1806.gif, then try to display this thread again. Your avatar should show up.

My current best guess is this ... The HTTPS web server is slow about delivering the avatars, slower than the HTTP web server, and so slow that the browser gives up and just displays the text associated with the image, "user avatar". Once your browser has a particular avatar in the cache, it doesn't have to wait, and can display the image with the web page.


Top
 Profile  
Reply with quote  
 
PostPosted: Fri Jan 03, 2020 3:00 pm 
Offline
Moderatorer
User avatar

Joined: Wed Dec 18, 2002 6:00 pm
Posts: 35220
Location: Minneapolis
Tunborough wrote:
Very curious. Open this link in another browser tab, https://forums.chiffandfipple.com/download/file.php?avatar=1806.gif, then try to display this thread again. Your avatar should show up.

On clicking the link, for me the tab reads "403 Forbidden". The page reads:

Quote:
Forbidden

You don't have permission to access /images/avatars/upload/50491f7ac84643578ea52bbca5389ffb_1806.gif on this server.

Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

_________________
"Time is the wisest counselor of all." - Pericles

"I remain not entirely convinced of it." - Nano


Top
 Profile  
Reply with quote  
 
PostPosted: Fri Jan 03, 2020 3:49 pm 
Offline

Joined: Sun Dec 05, 2010 2:59 pm
Posts: 1054
Location: Southwestern Ontario
There seems to be some sort of redirection happening that works fine with the HTTP server, but not the HTTPS server. If I paste download/file.php?avatar=1806.gif into the address bar (Firefox, Internet Explorer, or Microsoft Edge), the picture shows up just fine ... and then your avatar displays fine when I look at a thread. But if I just click on the link, I get the same error you got.

Ben's avatar is at https://forums.chiffandfipple.com/download/file.php?avatar=10298_1232201495.jpg.


Top
 Profile  
Reply with quote  
 
PostPosted: Fri Jan 03, 2020 4:48 pm 
Offline
User avatar

Joined: Mon Jul 29, 2002 6:00 pm
Posts: 4189
Location: Los Angeles
I see the avatar all the time, with all of the links posted. My connection to C&F is definitely HTTP://, not HTTPS:

Using Firefox on Windows 7 & Ublock Origin.


Top
 Profile  
Reply with quote  
 
PostPosted: Fri Jan 03, 2020 4:54 pm 
Offline
Moderatorer
User avatar

Joined: Wed Dec 18, 2002 6:00 pm
Posts: 35220
Location: Minneapolis
Tunborough wrote:
There seems to be some sort of redirection happening that works fine with the HTTP server, but not the HTTPS server. If I paste download/file.php?avatar=1806.gif into the address bar (Firefox, Internet Explorer, or Microsoft Edge), the picture shows up just fine ... and then your avatar displays fine when I look at a thread. But if I just click on the link, I get the same error you got.

Ben's avatar is at https://forums.chiffandfipple.com/download/file.php?avatar=10298_1232201495.jpg.

The first link doesn't work for me no matter how I do it; with a direct click it's the same "403 Forbidden", and if I paste it into the address bar, the tab reads "download", and the page reads:

Quote:
This site can’t be reached

download’s server IP address could not be found.

Search Google for download file

ERR_NAME_NOT_RESOLVED

Here the blue text is simply to indicate that a link was provided. The actual link didn't do anything for me either, apart from giving me a Google page with lists of info on how to download stuff.

Your second link works, though all I get is Ben's avatar on a black page.

_________________
"Time is the wisest counselor of all." - Pericles

"I remain not entirely convinced of it." - Nano


Top
 Profile  
Reply with quote  
 
PostPosted: Fri Jan 03, 2020 7:13 pm 
Offline
Moderatorer
User avatar

Joined: Wed Dec 18, 2002 6:00 pm
Posts: 35220
Location: Minneapolis
What the ...?

Just completed an update after closing all web pages and doing a restart, and now C&F's URL reads "Not secure", I'm getting the banner ads again, and I can see the avatars. :really:

If I access C&F by a Google search, I get the secure version. What gives?

_________________
"Time is the wisest counselor of all." - Pericles

"I remain not entirely convinced of it." - Nano


Top
 Profile  
Reply with quote  
 
PostPosted: Sat Jan 04, 2020 1:58 am 
Offline

Joined: Mon Aug 13, 2007 2:04 am
Posts: 1252
Location: Mercia
Nanohedron wrote:
What gives?
I think it may depend on which link has got stored by the various autocomplete, recent searches, recently visited features of the browser and search engine.

i get Forbidden for all Tunborough's links from the HTTPS. I wonder if it's quirk of the board software which makes the pages up on the fly. From a quick look links off site have https inserted but relative links don't so must be relying on some default action of the server.


Top
 Profile  
Reply with quote  
 
PostPosted: Sat Jan 04, 2020 1:00 pm 
Offline

Joined: Sun Dec 05, 2010 2:59 pm
Posts: 1054
Location: Southwestern Ontario
Nanohedron wrote:
The first link doesn't work for me no matter how I do it; with a direct click it's the same "403 Forbidden", and if I paste it into the address bar, the tab reads "download", and the page reads:

Quote:
This site can’t be reached
...

Your second link works, though all I get is Ben's avatar on a black page.
The forum software was being clever, but not quite clever enough, with a URL that I entered as plain text. The links to the avatars are https://forums.chiffandfipple.com/download/file.php?avatar=1806.gif and https://forums.chiffandfipple.com/download/file.php?avatar=10298_1232201495.jpg. If I click on them, I get "Forbidden", like you do. If I cut and paste the URLs into the address bar:
Code:
https://forums.chiffandfipple.com/download/file.php?avatar=1806.gif
 and
https://forums.chiffandfipple.com/download/file.php?avatar=10298_1232201495.jpg

then I get a page with just the little avatar image on it. After I've done that, though, those two avatars show up in threads, and I can click on the links that were previously forbidden and get the avatars.


Top
 Profile  
Reply with quote  
 
PostPosted: Sat Jan 04, 2020 1:15 pm 
Offline

Joined: Sun Dec 05, 2010 2:59 pm
Posts: 1054
Location: Southwestern Ontario
The main motivation for using HTTPS rather than HTTP is so that other people on the coffee shop WiFi can't eavesdrop on your browsing. Since C&F is a public forum, most of what you're doing here isn't a big secret. The main thing you want to protect is your password when you log in. Turns out, you can login via HTTPS, at https://forums.chiffandfipple.com/ucp.php?mode=login, then continue your browsing via HTTP, at http://forums.chiffandfipple.com/search.php?search_id=active_topics, and still be logged in. This keeps your password secret, but avoids the problem with the missing avatars, for what it's worth.


Top
 Profile  
Reply with quote  
 
PostPosted: Sun Jan 05, 2020 9:04 am 
Offline

Joined: Mon Aug 13, 2007 2:04 am
Posts: 1252
Location: Mercia
Tunborough wrote:
...and still be logged in. This keeps your password secret, but avoids the problem with the missing avatars, for what it's worth.
That works. And the banner adds from dating sites come back*

* I only get them here. I suspect that it's to do with the frequent links to photo sharing sites used for hosting the images people share here.


Top
 Profile  
Reply with quote  
 
PostPosted: Sun Jan 05, 2020 12:26 pm 
Offline
Moderatorer
User avatar

Joined: Wed Dec 18, 2002 6:00 pm
Posts: 35220
Location: Minneapolis
Tunborough wrote:
The main thing you want to protect is your password when you log in. Turns out, you can login via HTTPS, at https://forums.chiffandfipple.com/ucp.php?mode=login, then continue your browsing via HTTP, at http://forums.chiffandfipple.com/search.php?search_id=active_topics, and still be logged in. This keeps your password secret, but avoids the problem with the missing avatars, for what it's worth.

So am I to understand that even though Active Topics is HTTP, in this case it doesn't matter, because the login was via HTTPS and that covers everything?

TBH, since I'm normally not in any particular hurry, I've never seen much reason to use Active Topics, and I usually leave it alone. Using it just to get banner ads and avatars is hardly the enticement I would need.

_________________
"Time is the wisest counselor of all." - Pericles

"I remain not entirely convinced of it." - Nano


Top
 Profile  
Reply with quote  
 
PostPosted: Sun Jan 05, 2020 1:43 pm 
Offline
User avatar

Joined: Mon Jun 07, 2010 11:31 am
Posts: 5174
Location: the Back of Beyond
Quote:
So am I to understand that even though Active Topics is HTTP, in this case it doesn't matter, because the login was via HTTPS and that covers everything?


If you use Firefox, the add on https everywhere may help :

Quote:
Encrypt the web! HTTPS Everywhere is a Firefox extension to protect your communications by enabling HTTPS encryption automatically on sites that are known to support it, even when you type URLs or follow links that omit the https: prefix.

_________________
My brain hurts

Image


Top
 Profile  
Reply with quote  
 
PostPosted: Sun Jan 05, 2020 1:53 pm 
Offline
Moderatorer
User avatar

Joined: Wed Dec 18, 2002 6:00 pm
Posts: 35220
Location: Minneapolis
Mr.Gumby wrote:
If you use Firefox, the add on https everywhere may help ...

Apparently I've got Mozilla (among other things), but Firefox per se isn't listed.

I'm afraid this is where my ignorance shines.

_________________
"Time is the wisest counselor of all." - Pericles

"I remain not entirely convinced of it." - Nano


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 51 posts ]  Go to page Previous  1, 2, 3, 4  Next

All times are UTC - 6 hours


Who is online

Users browsing this forum: No registered users and 4 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group
[ Time : 0.123s | 11 Queries | GZIP : On ]
(dh)