[trpted]

I point to https://www.cloudfla.../why-use-https/ and quote where it has I don’t handle sensitive information on my website so I don’t need HTTPS ?

Quote

A common reason websites don’t implement security is because they think it’s overkill for their purposes. After all, if you’re not dealing with sensitive data, who cares if someone is snooping? There are a few reasons that this is an overly simplistic view on web security. For example, some Internet service providers will actually inject advertising into HTTP-served websites. These ads may or may not be in line with the content of the website, and can potentially be offensive, aside from the fact that the website provider has no creative input or share of the revenue. These injected ads are no longer feasible once a site is secured.

Modern web browsers now limit functionality for sites that are not secure. Important features that improve the quality of the website now require HTTPS. Geolocation, push notifications and the service workers needed to run progressive web applications (PWAs) all require heightened security. This makes sense; data such as a user’s location is sensitive and can be used for nefarious purposes.

Please and thank you.


PS. I was using FF ver 84.0. About the older version

Quote

This version introduces HTTPS-Only Mode. When enabled, this new mode ensures that every connection Firefox makes to the web is secure and alerts you when a secure connection is not available. You can enable it in Firefox Preferences.

I have that feature enabled and the openrails website is white listed per Turn off HTTPS-Only Mode for certain sites at https://support.mozi...ttps-only-prefs

[Genma Saotome]

This requires an upgrade to the board software and that's not a trivial matter.

[Weter]

Now everything over here is working instantly and precise
Better kills good.

[trpted]

Genma Saotome, on 26 December 2020 - 10:13 PM, said:

This requires an upgrade to the board software and that's not a trivial matter.

While that would be nice, I was talking about http://openrails.org/

When I tried to connect to the SSL version of that site:

#1 FF warned me that

Quote

Websites prove their identity via certificates. Firefox does not trust this site because it uses a certificate that is not valid for openrails.org. The certificate is only valid for the following names: www.atomic-systems.com, new.atomic-systems.com, wpcallback.atomic-systems.com

Error code: SSL_ERROR_BAD_CERT_DOMAIN

#2 After I told FF to accept the risk, I got a 404 error. :(

Please and thank you

[EDIT #1] Added what happens if I try to connect to the SSL version of that site..

[EDIT #2] Since I was not talking about this site/forum, I respect you for not switching to full SSL until you are ready. :)

This post has been edited by trpted: 27 December 2020 - 06:08 AM

[trpted]

Weter, on 27 December 2020 - 06:25 AM, said:

Trpted,
Did you see that topic?
http://www.elvastowe...-https-support/

No, I did not before my posting as I recently registered and that thread is in the Members Only area.

And this thread of mine is not about this site and message board, it is about http://openrails.org/

[cjakeman]

trpted, on 27 December 2020 - 08:43 AM, said:

And this thread of mine is not about this site and message board, it is about http://openrails.org/

I am one of those looking after the Open Rails website and, I agree, that it would be better to use the HTTPS.

We're hoping to take control of the website infrastructure in a month or so and will switch to the HTTPS protocol as part of that project. Please bear with us in the meantime.

[YoRyan]

HTTPS is enabled at the GitHub Pages mirror at or-test.youngryan.com. (IPv6 support would be dependent upon GitHub getting their act together.)

As Chris said, we hope to switch the official domain to this version in the near future.

[trpted]

Cool, good to know.