Amiga.org

Amiga.org specific forums => Amiga.org Discussion and Site Feedback => Topic started by: kolla on February 18, 2020, 07:09:38 AM

Title: Drop-down menus don't appear when using https.
Post by: kolla on February 18, 2020, 07:09:38 AM
When browsing over https, the drop down menus from "Profile" and "My Messages" don't appear.
Most noticeable when there is a notification indicator, for example "Profile [1]", there is no way of seeing what the [1] is about.
Title: Re: Drop-down menus don't appear when using https.
Post by: paul1981 on March 06, 2020, 03:10:52 PM
I didn't even know they were supposed to do that. It does make sense though.
Title: Re: Drop-down menus don't appear when using https.
Post by: TribbleSmasher on March 06, 2020, 04:55:08 PM
The menu is simply not there, the arrow is missing.
Title: Re: Drop-down menus don't appear when using https.
Post by: kolla on March 06, 2020, 05:10:29 PM
Right, though... the HTML for the menus is there, I've not investigated any further why they don't show up.
Title: Re: Drop-down menus don't appear when using https.
Post by: kolla on October 17, 2022, 06:56:41 PM
Bump - even after update/upgrade, visiting this site using https is STILL broken. Same old, same old.

Never mind that allowing the same authentication tokens and cookies etc to be shared across https and http where any man-in-the-middle can snap them up isn’t exactly security. What does GDPR say about protecting user data? What is the penalty for not being GDPR compliant again? Do you feel lucky?
Title: Re: Drop-down menus don't appear when using https.
Post by: F0LLETT on October 18, 2022, 09:07:21 AM
GDPR is stupid. I can force the site to use HTTPS completely if that's what you want.
Not our fault if someone decides to connect via http. We can't sit at everyone's computer and educate them on HTTP and HTTPS.

The cookies were secure, but as you are moaning, I have now disabled sub domain cookies.
Site is now not accessible by HTTP://

Title: Re: Drop-down menus don't appear when using https.
Post by: kolla on October 18, 2022, 10:53:08 PM
GDPR isn’t stupid, it’s a sad necessity because “the industry”, as you’re demonstrating so aptly, proved itself ignorant and straight out hostile to follow existing laws and regulations that already were in place.

And your argument is nonsense - it’s not a problem technically to either use https or use http, the problems arise when you insist on including content over http on a page that is otherwise accessed over https (and sometimes vice versa) and it doesn’t exactly help that the entire “certificate thing” apparently is something you haven’t quite managed to wrap your head around, so we sometimes get certificate errors on _other_ sites because of banners and ads loaded from your sites, that very often have wrong CN or missing alternative DNS hostnames in them, or have expired etc.
Title: Re: Drop-down menus don't appear when using https.
Post by: F0LLETT on October 19, 2022, 09:05:47 AM
Right, this has run its course.
Not interested in you ramming your aggressive opinion down my throat.

One thing I will say, part of your argument is stupid. Simply as if someone links or posts a pic, it's not going to fall under SSL. So it will moan about parts of site not being secure.


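The two technical points argued over in this thread, cookies usable over both schemes and http:// content included on an https page, can be checked mechanically. The following is an added example, not part of any post and not the site's own code, and its sample markup, host names and cookie names are constructed. It separates active subresources (scripts, stylesheets, frames), which browsers block on an https page, from passive ones such as posted images, which browsers show with a warning or upgrade, and it lists cookies set without the Secure attribute.

```python
from html.parser import HTMLParser

# http:// loads of these are blocked by browsers on an https page
ACTIVE = {("script", "src"), ("iframe", "src"), ("link", "href")}
# http:// loads of these are passive: shown with a warning or auto-upgraded
PASSIVE = {("img", "src"), ("audio", "src"), ("video", "src")}

class MixedContentFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # tuples of (kind, tag, url)

    def handle_starttag(self, tag, attrs):
        rel = (dict(attrs).get("rel") or "").lower()
        # <link> is only an active subresource when it loads a stylesheet
        if tag == "link" and "stylesheet" not in rel:
            return
        for name, value in attrs:
            if value and value.lower().startswith("http://"):
                if (tag, name) in ACTIVE:
                    self.findings.append(("active", tag, value))
                elif (tag, name) in PASSIVE:
                    self.findings.append(("passive", tag, value))

def find_mixed_content(html):
    """Return http:// subresources referenced by a page served over https."""
    parser = MixedContentFinder()
    parser.feed(html)
    parser.close()
    return parser.findings

def cookies_without_secure(set_cookie_headers):
    """Return names of cookies whose Set-Cookie value lacks Secure."""
    names = []
    for header in set_cookie_headers:
        parts = [p.strip() for p in header.split(";")]
        attributes = {p.split("=", 1)[0].lower() for p in parts[1:]}
        if "secure" not in attributes:
            names.append(parts[0].split("=", 1)[0])
    return names

# Constructed sample input (hypothetical hosts and cookie names)
SAMPLE_HTML = (
    '<script src="http://forum.example/menu.js"></script>'
    '<a href="http://other.example/">plain link, not a subresource</a>'
    '<img src="http://img.example/user-posted.png">'
)
SAMPLE_COOKIES = ["sid=abc123; Path=/; HttpOnly",
                  "login=xyz789; Path=/; Secure; HttpOnly"]
```

A cookie reported by `cookies_without_secure` is sent on plain http requests as well, which is the exposure the October 17, 2022 post describes.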