Welcome, Guest. Please login or register.

Author Topic: Drop-down menus don't appear when using https.  (Read 2093 times)

Description:

0 Members and 1 Guest are viewing this topic.

Offline kollaTopic starter

Drop-down menus don't appear when using https.
« on: February 18, 2020, 07:09:38 AM »
When browsing over https, the drop down menus from "Profile" and "My Messages" don't appear.
Most noticeable when the there is a notification indicator, for example "Profile [1]", there is no way of seeing what the [1] is about.
B5D6A1D019D5D45BCC56F4782AC220D8B3E2A6CC
---
A3000/060CSPPC+CVPPC/128MB + 256MB BigRAM/Deneb USB
A4000/CS060/Mediator4000Di/Voodoo5/128MB
A1200/Blz1260/IndyAGA/192MB
A1200/Blz1260/64MB
A1200/Blz1230III/32MB
A1200/ACA1221
A600/V600v2/Subway USB
A600/Apollo630/32MB
A600/A6095
CD32/SX32/32MB/Plipbox
CD32/TF328
A500/V500v2
A500/MTec520
CDTV
MiSTer, MiST, FleaFPGAs and original Minimig
Peg1, SAM440 and Mac minis with MorphOS
 

Offline paul1981

Re: Drop-down menus don't appear when using https.
« Reply #1 on: March 06, 2020, 03:10:52 PM »
I didn't even know they were supposed to do that. It does make sense though.
 

Offline TribbleSmasher

Re: Drop-down menus don't appear when using https.
« Reply #2 on: March 06, 2020, 04:55:08 PM »
The menu is simply not there, the arrow is missing.
 

Offline kollaTopic starter

Re: Drop-down menus don't appear when using https.
« Reply #3 on: March 06, 2020, 05:10:29 PM »
The menu is simply not there, the arrow is missing.
Right, though... the HTML for the menus are there, I've not investigated any further why they don't show up.
B5D6A1D019D5D45BCC56F4782AC220D8B3E2A6CC
---
A3000/060CSPPC+CVPPC/128MB + 256MB BigRAM/Deneb USB
A4000/CS060/Mediator4000Di/Voodoo5/128MB
A1200/Blz1260/IndyAGA/192MB
A1200/Blz1260/64MB
A1200/Blz1230III/32MB
A1200/ACA1221
A600/V600v2/Subway USB
A600/Apollo630/32MB
A600/A6095
CD32/SX32/32MB/Plipbox
CD32/TF328
A500/V500v2
A500/MTec520
CDTV
MiSTer, MiST, FleaFPGAs and original Minimig
Peg1, SAM440 and Mac minis with MorphOS
 

Offline kollaTopic starter

Re: Drop-down menus don't appear when using https.
« Reply #4 on: October 17, 2022, 06:56:41 PM »
Bump - even after update/upgrade, visiting this site using https is STILL broken. Same old, same old.

Never mind that allowing the same authentication tokens and cookies etc to be shared across https and http where any man-in-the-middle can snap them up isn’t exactly security. What does GDPR say about protecting user data? What is the penalty for not being GDPR compliant again? Do you feel lucky?
« Last Edit: October 17, 2022, 06:57:30 PM by kolla »
B5D6A1D019D5D45BCC56F4782AC220D8B3E2A6CC
---
A3000/060CSPPC+CVPPC/128MB + 256MB BigRAM/Deneb USB
A4000/CS060/Mediator4000Di/Voodoo5/128MB
A1200/Blz1260/IndyAGA/192MB
A1200/Blz1260/64MB
A1200/Blz1230III/32MB
A1200/ACA1221
A600/V600v2/Subway USB
A600/Apollo630/32MB
A600/A6095
CD32/SX32/32MB/Plipbox
CD32/TF328
A500/V500v2
A500/MTec520
CDTV
MiSTer, MiST, FleaFPGAs and original Minimig
Peg1, SAM440 and Mac minis with MorphOS
 

Offline F0LLETT

  • Amigakit / A-EON Support
  • Administrator
  • Sr. Member
  • *****
  • Join Date: Aug 2007
  • Posts: 419
  • Country: gb
  • Thanked: 10 times
  • Gender: Male
    • Show only replies by F0LLETT
    • http://www.ultimateamiga.co.uk
Re: Drop-down menus don't appear when using https.
« Reply #5 on: October 18, 2022, 09:07:21 AM »
GDPR is stupid. I can force the site to use HTTPS completely if thats what you want.
Not our fault if someone decides to connect via http. We can't sit at everyones computer and educate them on HTTP and HTTPS.

The cookies were secure, but as you are moaning, I have now disabled sub domain cookies.
Site is now not accesable by HTTP://

Bump - even after update/upgrade, visiting this site using https is STILL broken. Same old, same old.

Never mind that allowing the same authentication tokens and cookies etc to be shared across https and http where any man-in-the-middle can snap them up isn’t exactly security. What does GDPR say about protecting user data? What is the penalty for not being GDPR compliant again? Do you feel lucky?
« Last Edit: October 18, 2022, 09:15:59 AM by F0LLETT »
Quote from: Hungry Horace
Resolute and Industrious Grand ruler of the yellow people and the Ultimate Amiga Empire
Ultimate Amiga Network (Home of SONY PSP Amiga Emulator and AMOS Factory)

Quote from:  He who shall not be named
"Chris is that you!!!"
My all time favorite quote.
 

Offline kollaTopic starter

Re: Drop-down menus don't appear when using https.
« Reply #6 on: October 18, 2022, 10:53:08 PM »
GDPR isn’t stupid, it’s a sad necessity because “the industry”, as you’re demonstrating so aptly, proved itself ignorant and straight out hostile to follow existing laws and regulations that already were in place.

And your argument is nonsense - it’s not a problem technically to either use https or use http, the problems arise when you insist on including content over http on a page that is otherwise accessed over https (and sometimes vice versa) and it doesn’t exactly help that the entire “certificate thing” apparently is something you haven’t quite managed to wrap your head around, so we sometimes get certificate errors on _other_ sites because of banners and ads loaded from your sites, that very often have wrong CN or missing alternative DNS hostnames in them, or have expired etc.
B5D6A1D019D5D45BCC56F4782AC220D8B3E2A6CC
---
A3000/060CSPPC+CVPPC/128MB + 256MB BigRAM/Deneb USB
A4000/CS060/Mediator4000Di/Voodoo5/128MB
A1200/Blz1260/IndyAGA/192MB
A1200/Blz1260/64MB
A1200/Blz1230III/32MB
A1200/ACA1221
A600/V600v2/Subway USB
A600/Apollo630/32MB
A600/A6095
CD32/SX32/32MB/Plipbox
CD32/TF328
A500/V500v2
A500/MTec520
CDTV
MiSTer, MiST, FleaFPGAs and original Minimig
Peg1, SAM440 and Mac minis with MorphOS
 

Offline F0LLETT

  • Amigakit / A-EON Support
  • Administrator
  • Sr. Member
  • *****
  • Join Date: Aug 2007
  • Posts: 419
  • Country: gb
  • Thanked: 10 times
  • Gender: Male
    • Show only replies by F0LLETT
    • http://www.ultimateamiga.co.uk
Re: Drop-down menus don't appear when using https.
« Reply #7 on: October 19, 2022, 09:05:47 AM »
Right, this has run its course.
Not interested in you ramming your agressive opinion down my throat.

One thing I will say, part of your argument is stupid. Simply as if someone links or posts a pic, its not going to fall under SSL. So it will moan about parts of site not being secure.


GDPR isn’t stupid, it’s a sad necessity because “the industry”, as you’re demonstrating so aptly, proved itself ignorant and straight out hostile to follow existing laws and regulations that already were in place.

And your argument is nonsense - it’s not a problem technically to either use https or use http, the problems arise when you insist on including content over http on a page that is otherwise accessed over https (and sometimes vice versa) and it doesn’t exactly help that the entire “certificate thing” apparently is something you haven’t quite managed to wrap your head around, so we sometimes get certificate errors on _other_ sites because of banners and ads loaded from your sites, that very often have wrong CN or missing alternative DNS hostnames in them, or have expired etc.
« Last Edit: October 19, 2022, 12:04:58 PM by F0LLETT »
Quote from: Hungry Horace
Resolute and Industrious Grand ruler of the yellow people and the Ultimate Amiga Empire
Ultimate Amiga Network (Home of SONY PSP Amiga Emulator and AMOS Factory)

Quote from:  He who shall not be named
"Chris is that you!!!"
My all time favorite quote.