Flarum 0.1.0-beta.12 and HTTPS

[deleted]

Recently I upgraded to Flarum 0.1.0-beta.12
I have noticed that (on main/home page) HTTPS shows Your connection to this site is not fully secure (of course this notice is in Chrome, web and mobile, next to domain adress/name in adress bar). However, Connection is secure when browsing discussions/tags/posts... I get A+ grade on https://lab.migratetoflarum.com/ every time (don't know is this relevant at all), but is it possible to get Connection is secure in homepage/main page permanently?

luceos

[deleted] have you checked your browser console for any discernible errors?

clarkwinkelmann

Most likely there's an image loaded over HTTP. The lab won't check for these kind of things. You should be able to find the infringing image url by looking at the browser console or network tab.

Or let us know your website url and we can quickly check that.

[deleted]

clarkwinkelmann Or let us know your website url and we can quickly check that.

Ok, thanks 😀

URL: [deleted]

Update: hmm... Just discovered: it happens only when FoF Discussion Thumbnail Extension is enabled...

clarkwinkelmann

[deleted] then it must be an HTTP image in one of the discussion, which ends up on the homepage because of the thumbnail extension.

You could use the secure https extension or CSP rules to prevent embedding HTTP images on the forum. I'm not sure if secure https and the thumbnail extension would work together.

[deleted]

clarkwinkelmann then it must be an HTTP image in one of the discussion, which ends up on the homepage because of the thumbnail extension.

You could use the secure https extension or CSP rules to prevent embedding HTTP images on the forum. I'm not sure if secure https and the thumbnail extension would work together

Thank you 😀 👍️