VOGONS

Common searches


HTTPS is available

Topic actions

  • This topic is locked. You cannot reply or edit posts.

First post, by Qbix

User metadata
Rank DOSBox Author
Rank
DOSBox Author

It is still in testing, but https://www.vogons.org is available.
Please let me know if you encounter a problem.

Water flows down the stream
How to ask questions the smart way!

Reply 1 of 21, by clueless1

User metadata
Rank l33t
Rank
l33t
Qbix wrote:

It is still in testing, but https://www.vogons.org is available.
Please let me know if you encounter a problem.

Let's Encrypt?

edit: Yup. Nice. I've got a few websites I'm going to use this on when their certs expire later this year.

The more I learn, the more I realize how much I don't know.
OPL3 FM vs. Roland MT-32 vs. General MIDI DOS Game Comparison
Let's benchmark our systems with cache disabled
DOS PCI Graphics Card Benchmarks

Reply 7 of 21, by Qbix

User metadata
Rank DOSBox Author
Rank
DOSBox Author

Yeah it is caused by lightmasters signature.
I think he would need to change the url to start with

//

so remove the

http:

part.

Water flows down the stream
How to ask questions the smart way!

Reply 8 of 21, by laxdragon

User metadata
Rank Member
Rank
Member

Thanks for this.

For some added security you may want to add the following header:
X-Frame-Options: SAMEORIGIN

This will prevent any embedded, IFRAMES running.

You could also look into Content-Security-Policy header, but that one is a bit more complicated, esp since I see this site uses embedded javascript instead of linking to it in a .js file.

laxDRAGON.com | My Game Collection | My Computers | YouTube

Reply 9 of 21, by kolano

User metadata
Rank Oldbie
Rank
Oldbie
Qbix wrote:
Yeah it is caused by lightmasters signature. I think he would need to change the url to start with […]
Show full quote

Yeah it is caused by lightmasters signature.
I think he would need to change the url to start with

//

so remove the

http:

part.

Can something be added to auto apply such to peoples existing signatures. Expecting people to update them is likely problematic.

Eyecandy: Turn your computer into an expensive lava lamp.

Reply 10 of 21, by lightmaster

User metadata
Rank Oldbie
Rank
Oldbie
Qbix wrote:
Yeah it is caused by lightmasters signature. I think he would need to change the url to start with […]
Show full quote

Yeah it is caused by lightmasters signature.
I think he would need to change the url to start with

//

so remove the

http:

part.

Did try and didn't work, i'm sure i'ts my problem, pm me please.

25071588525_735097840e_b.jpg

Reply 11 of 21, by Qbix

User metadata
Rank DOSBox Author
Rank
DOSBox Author

It seems it doesn't work for the img tag 🙁
I have set your signature to https now, which works fine, but Ideally I'd like to get the other solution working as well. Although we can't do it for everything. The img hoster needs to support it as well. A perfect solution doesn't exist.

So the best I can offer is this:
If you use an image in your signature and the host of the image supports https, please change the link to use the https instead of http.

Water flows down the stream
How to ask questions the smart way!

Reply 13 of 21, by FFXIhealer

User metadata
Rank Oldbie
Rank
Oldbie

Sounds cool, but I can't use the HTTPS version of the site from Firefox 2.0 on Windows 98 FE. I get an error code. The regular version works perfectly fine, though this is the first time I'm trying it out.

Error establishing an encrypted connection to http://www.vogons.org. Error Code: -8092.

Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20

292dps.png
3smzsb.png
0fvil8.png
lhbar1.png

Reply 15 of 21, by laxdragon

User metadata
Rank Member
Rank
Member

It did, but only older style encryption. Modern websites use TLS 1.1 and above. Anything else is considered insecure. Even 1.1 is being phased out I believe.

laxDRAGON.com | My Game Collection | My Computers | YouTube

Reply 17 of 21, by calvin

User metadata
Rank Member
Rank
Member

Consider running with HSTS and pinning. Older browsers that don't understand will happily use the insecure site, while newer browsers that support it can enforce the TLS version.

2xP2 450, 512 MB SDR, GeForce DDR, Asus P2B-D, Windows 2000
P3 866, 512 MB RDRAM, Radeon X1650, Dell Dimension XPS B866, Windows 7
M2 @ 250 MHz, 64 MB SDE, SiS5598, Compaq Presario 2286, Windows 98

Reply 18 of 21, by clueless1

User metadata
Rank l33t
Rank
l33t

I just noticed https is now working by default. Has it been that way for awhile and I'm just now noticing?

The more I learn, the more I realize how much I don't know.
OPL3 FM vs. Roland MT-32 vs. General MIDI DOS Game Comparison
Let's benchmark our systems with cache disabled
DOS PCI Graphics Card Benchmarks

Reply 19 of 21, by clueless1

User metadata
Rank l33t
Rank
l33t

I thought back in December https was on by default, but...
Every time I go to "vogons.org" and login, it defaults to the http page unless I manually type the https part. On my trusted PCs, it's not an issue, as lastpass logs me into the secure page. But I do access this site from public PCs on occasion.

The more I learn, the more I realize how much I don't know.
OPL3 FM vs. Roland MT-32 vs. General MIDI DOS Game Comparison
Let's benchmark our systems with cache disabled
DOS PCI Graphics Card Benchmarks