Thanks a lot!
We build. You grow.
Get best community software hereStart a social network, a fan-site, an education project with oxwall - free opensource community software
login SSL, browse and interact non SSL | Forum
James Hart
Jun 27 '13
Is there a way to make the initial login SSL and after login, force everything to NON-SSL? I need the SSL login for pci stuff, but after that, it can be in NON-SSL mode. Just can't keep people from posting non-ssl embed videos and images. Any ideas? Is there a way to do that and someone has already figured it out or is there something custom that needs to be done?
Chris
Jun 28 '13
you need to configure it in your .htaccess file. You will have to specify the page you want to run in ssl using rewrite codes. I tried to do this myself, but couldn't manage it, i now just run my whole site in ssl.
you can check out this page and try it yourself.
http://www.askapache.com/...age-in-htaccess.html
you can check out this page and try it yourself.
http://www.askapache.com/...age-in-htaccess.html
James Hart
Jun 28 '13
Chris,
But how do you get around when someone post a link in the newsfeed ? It pulls up thumbnails that link directly from the external source and cause a ssl missmatch? Ultimately, that is the problem for me. I don't want to be having to deal with fixing a hundred peoples 'links' every time they post an update.
Chris
Jun 29 '13
your site will run fine even if you have urls that are not https, some browsers will recognise an unsecured connection, but will not block your site or the link.
I did have some issues with facebook JS codes, but I updated the URL to https and now everything runs great.
I am trying to find a permanent solution, where by external urls that are not secured are rewritten behind my SSL certificate, something like this;
http://www.unsecured-url.com
rewritten to
https://www.my-secured-site.com=http://www.unsecured-url.com
Facebook do something similar and all there uploaded media and urls, become secured behind there own ssl. I'm not sure if it is at all possible for oxwall, but I will try to find a solution.
I did have some issues with facebook JS codes, but I updated the URL to https and now everything runs great.
I am trying to find a permanent solution, where by external urls that are not secured are rewritten behind my SSL certificate, something like this;
http://www.unsecured-url.com
rewritten to
https://www.my-secured-site.com=http://www.unsecured-url.com
Facebook do something similar and all there uploaded media and urls, become secured behind there own ssl. I'm not sure if it is at all possible for oxwall, but I will try to find a solution.
