: HTTPS on all pages where user is logged on I know this is considered best practise to prevent cookie hijacking. I would like to adopt this approach, but ran across a problem on our forum

I know this is considered best practise to prevent cookie hijacking. I would like to adopt this approach, but ran across a problem on our forum where the users post images which either aren't posted with URL's over HTTPS or the url itself doesn't support HTTPS. This throws up a lot of ugly browser warnings.

I see I have two options:

Disable HTTPS for the forum
Force all user posted content to start with // in the url so it selects the right protocol, if it doesn't support HTTPS so be it

Do I have any other options? How do other sites deal with this?

10.01% popularity Vote Up Vote Down

: A script that would create snapshots of web pages Possible Duplicate: Command-line website screenshot tool I have a list of websites that I need the "screenshot" of. Is there a

@Pope3001725

Posted in: #LookingForAScript

1 Comments

: After changing web host, I get a 'file does not exist' error I run a WordPress blog, and have recently changed web hosts. When changing web hosts, I copied all files and exported/imported the

@Pope3001725

Posted in: #Chmod #Php #Redirects #WebHosting #Wordpress

2 Comments

: Is there any Google Adsense revenue if a visitor rolls over (hovers) on an ad unit? I have noticed an increase in interactive flash animations especilly on 300px wide adsense ads. Many of them

@Pope3001725

Posted in: #Google #GoogleAdsense #GoogleAdwords #Revenue

1 Comments

: Why are we being twitter spammed? This is a search relating to us: https://twitter.com/#!/search/realtime/scirra We're getting a of of new accounts tweeting: The Layers Bar - Scirra.com Firstly

@Pope3001725

Posted in: #Botattack #Spam #Twitter

1 Comments

Login to post a comment!

1 Comments

Sorted by latest first Latest Oldest Best

@Marchetta884

Option 3 is to proxy the images. However, this has legal issues.

Option 4 is to replace ... images with a placeholder to open them in a new tab. Optionally have the server code first rewrite to and make a request to check whether it's supported.

10% popularity Vote Up Vote Down

Feed

: HTTPS on all pages where user is logged on I know this is considered best practise to prevent cookie hijacking. I would like to adopt this approach, but ran across a problem on our forum

More posts by @Pope3001725

: A script that would create snapshots of web pages Possible Duplicate: Command-line website screenshot tool I have a list of websites that I need the "screenshot" of. Is there a

: After changing web host, I get a 'file does not exist' error I run a WordPress blog, and have recently changed web hosts. When changing web hosts, I copied all files and exported/imported the

: Is there any Google Adsense revenue if a visitor rolls over (hovers) on an ad unit? I have noticed an increase in interactive flash animations especilly on 300px wide adsense ads. Many of them

: Why are we being twitter spammed? This is a search relating to us: https://twitter.com/#!/search/realtime/scirra We're getting a of of new accounts tweeting: The Layers Bar - Scirra.com Firstly

Login to post a comment!

1 Comments

Back to top | Use Dark Theme