HTTPS Strikes Again


HTTPS Strikes Again

Some of you might have noticed a yellow warning triangle when visiting a page with one or more news items or reports ever since we switched over the site to HTTPS. This warning basically meant that, while the main site was sent over a secure connection, one or more assets on the news items were pulled in through insecure channels, which the browser would view as a potential security issue. I have just added a so-called Content Security Policy onto the site in order to force the browser to only accept content (images, news headers, etc.) through HTTPS. This might make the lives of those using images in their reports slightly more difficult at first, but it should be easy to fix, as most proper image hosts such as imgur already support serving their content over HTTPS. The Dark Brotherhood site even has it's own place to host images for news items and reports that can be found under the Manage Assets link on the admin page for those that have the ability to post news and/or reports, and I highly recommend switching over to it instead of relying on external third parties :)

In the end, this makes the site a little bit more secure once more :)

James L. Entar

+1 for security!

James, a the Manage Assets link says that we should only upload files that are directly related to the position we've got. For the most part, I've been avoiding using them due to the fact that the images I use are often one offs or personally related to me. Is there any possibility we can get something that's more of a generalized use when you have access to make news posts?

Obviously bandwidth/storage may be a problem, just wondering if it'd be possible.

You need to be logged in to post comments