Noticed that you can use SSL to retrieve posters but the main site doesn't currently utilize it. Would love to see across the board use of SSL. Especially given that you can get free ssl certs using letsencrypt.org now.
Unfortunately letsencrypt wasn't live yet when the current version of our infrastructure was created. SSL will be added in the future - likely this year. :)
david wrote:
Unfortunately letsencrypt wasn't live yet when the current version of our infrastructure was created. SSL will be added in the future - likely this year. :)
You *had* SSL and then turned it off. In fact, you're now redirecting ALL HTTPS request to HTTP.
No, there was no HTTPS at all a year ago when this thread was created. We currently support HTTPS on sensitive pages like login, register, the dashboard and the API's. See http://www.tvmaze.com/blogs/20/https-now-enabled-on-the-api.
David, whilst you're here.
I created a related thread 10 days ago where there is a case of HTTPS to HTTP redirect on the API;
david wrote:
No, there was no HTTPS at all a year ago when this thread was created. We currently support HTTPS on sensitive pages like login, register, the dashboard and the API's. See http://www.tvmaze.com/blogs/20/https-now-enabled-on-the-api.
Also, they may be referring to API is currently showing invalid certificate on chrome (NET::ERR_CERT_AUTHORITY_INVALID)
gazza911 wrote:
Also, they may be referring to API is currently showing invalid certificate on chrome (NET::ERR_CERT_AUTHORITY_INVALID)
Fine here, and SSLlabs gives it an A: https://www.ssllabs.com/ssltest/analyze.html?d=api.tvmaze.com
david wrote:
Fine here, and SSLlabs gives it an A: https://www.ssllabs.com/ssltest/analyze.html?d=api.tvmaze.com
Oops, that appears to be my anti-virus with a setting that has been merged from two separate settings in earlier versions.
Although my other thread does still apply.
david wrote:
You can use HTTPS for each page on the site now. Check it out!
nice work, appreciate all the features you guys are adding in lately.
the filters on the edit logs are a nice addition too. :D
bungle wrote:
nice work, appreciate all the features you guys are adding in lately.the filters on the edit logs are a nice addition too. :D
Which filers are you talking about, User/Action? They exist for a long time, if I'm not mistaken.
tnt wrote:
Which filers are you talking about, User/Action? They exist for a long time, if I'm not mistaken.
yes those. news to me haven't seen them before lol
Any plans to make https the default? I keep getting brought to http links on this site :(
Not sure what the plans are for the site, but you can download the browser extension HTTPS Everywhere (there are versions for Chrome and Firefox at least) which will give you a secure connection. (the mobile browser Brave I think already has it loaded)
Hmm yeah, that might be a good idea. Thanks
Maybe it's time to disable http on this site now, since Chrome has started marking all sites that aren't https as "not secure", and will mark it in red at some point too.
Not to mention, Google ranks sites with https on by default higher in the results then ones without.
https://www.bernskioldmedia.com/en/chrome-will-mark-http-sites-not-secure-july/
I don't know, guess I just don't understand the reasoning behind not going full on https.