Poll

Should we kill HTTP access support on CW and make the site HTTPS-only for security?

Yes
18 (85.7%)
No
3 (14.3%)

Total Members Voted: 21

Author Topic: Killing HTTP support on CodeWalrus (site would become HTTPS-only)  (Read 16951 times)

Offline DarkestEx

  • Super User
  • Join Date: Jan 2015
  • Location: Germany
  • Posts: 1346
  • Post Rating Ratio: +11/-2
    • @0xbmuessig
    • @muessigb
  • Gender: Male
As juju said, regular http works for browsers that don't support modern crypto.
Then it must be HTTPS resources on the front page making it not work.
  • Calculators owned: TI-84+, Casio 101-S, RPN-Calc, Hewlett-Packard 100LX, Hewlett-Packard 95LX
  • Consoles, mobile devices and vintage computers owned: Original Commodore 64C, Tektronix AWG2021, IBM X60s, IBM X60t, C64 DTV, Nintendo GameBoy Color, Nintendo GameCube, Xbox 360

Offline Juju

  • aka Yuki Kagayaki aka J̵̭͕͇ù̞̭̝̯̦j̴̭̙̗͖͡ù͏͓̲̕
  • CodeWalrus Staff
  • Super User
  • Server Maintenance
  • Moderator
  • Forum Maintenance
  • Original 5
  • CodeWalrus Supporter
  • *
  • Join Date: Nov 2014
  • Location: Inside a walrus
  • Posts: 3264
  • Post Rating Ratio: +39/-2
  • Couch potato
    • jul.savard
    • juju2143
    • @juju2143
    • juju2143
    • @julosoft
    • juju-kun
    • /u/juju2143
    • juju2143
    • @juju2143
    • Juju's shed
  • Gender: Female
  • WalriiPoints: 99999
> As juju said, regular http works for browsers that don't support modern crypto.
> Then it must be HTTPS resources on the front page making it not work.
As I said.

And as I said, we got everything covered to offer you a potable experience on old browsers.
  • Calculators owned: TI-83+ (dead?), Casio Prizm (also dead???)
  • Consoles, mobile devices and vintage computers owned: A lot
Read Zarmina!
YUKI-CHAAAANNNN
In the beginning there was walrii. In the end there will be walrii. All hail our supreme leader :walrii: --Snektron

if you wanna throw money at me and/or CodeWalrus monthly it's here

Offline xlibman

  • Omni founder & CW co-founder
  • CodeWalrus Staff
  • Super User
  • Moderator
  • Forum Maintenance
  • Original 5
  • Join Date: Nov 2014
  • Location: Quebec, Canada
  • Posts: 19069
  • Post Rating Ratio: +101/-5
    • dj_omnimaga
    • DJOmnimaga.music
    • @DJOmnimaga
    • dj_omnimaga
    • @DJOmnimaga
    • /u/DJ_Omnimaga
    • DJOmnimaga
    • 112/11286
    • @djomnimaga
    • @DJOmnimaga
    • DJ Omnimaga music store
  • Gender: Male
One issue with SMF plugins is that they sometimes require us to use absolute links rather than relative. I wish the URL tag allowed us to use relative links.
  • Calculators owned: TI-84 Plus C Silver Edition, TI-84 Plus CE, Casio fx-CG10
  • Consoles, mobile devices and vintage computers owned: Samsung i5510, Nintendo Switch, Playstation TV

Bandcamp|Reverbnation|Facebook|Youtube|Twitter
Retired Omnimaga admin (2001-11) and editor (2012-14)

Offline gameblabla

  • Super User
  • Join Date: May 2015
  • Location:
  • Posts: 810
  • Post Rating Ratio: +15/-7
  • TI-nspire porter
img.codewalr.us's certificate is self-signed, which means that over HTTPS,
Firefox (and maybe Chrome) will refuse to serve it.

juju and streetwalrus should fix dis.
  • Calculators owned: TI Nspire CX, TI-89

Offline xlibman

To be honest, when we switched to LE I thought this would solve all our sub-domain cert issues. @Juju and @Streetwalrus should indeed fix this. Plus this would allow us to finally use SSL for the WalrusIRC smileys and other things.

Offline Streetwalrus

  • Super User
  • Original 5
  • Join Date: Nov 2014
  • Location:
  • Posts: 2903
  • Post Rating Ratio: +20/-0
> img.codewalr.us's certificate is self-signed, which means that over HTTPS,
> Firefox (and maybe Chrome) will refuse to serve it.
>
> juju and streetwalrus should fix dis.
Https is not enabled on that subdomain, I have no idea how this is happening.
Let's Encrypt can't fix anything, all it does is give us certs for free. We need to take care of things.

Edit: actually it's probably trying to serve the default subdomain, pretty sure that's the issue.
« Last Edit: December 05, 2016, 05:43:03 am by Ş̴̀t̵́́͜͝r͏͝é̷̢͝e̢̨̡̕͟t̢̀́͢͠w̕̕á̷̧ļ҉̸́̕r̶҉̵̴͞u͟͝҉ş̴̀ ̶͏ »

Offline xlibman

Ah, that might explain it. I recall trying one of the sub-domains on https and it redirected to a Rick Astley pic.

I think we should enable https on all subdomains.

Offline Juju

Ah yeah, HTTPS might not be enabled on all domains in the webserver's config, nothing to do with Let's Encrypt.

Offline xlibman

Can't it be fixed?

Offline Streetwalrus

It can, but it's effort. :P
Will look into it tonight.

Offline Juju

Don't think it is a lot of effort.

Offline Streetwalrus

Yeah, just need a little bit of setup, shouldn't be hard at all.
Would be cool if nginx supported variables/macros in the config so we could just add an include line and add the domain to acmetool, and boom, https.

Offline Juju

Ah yeah, that would be fun. I think nginx supports variables. Probably.

The best would be to renew the certs directly in the config and I think it's possible.

Offline Streetwalrus

I already have this thing set up, you just tell it that you want certs for a given subdomain and it will check and renew them on a cronjob.
The only problem is the nginx config, lots of copy-pasta. Also our current config is a bit messy. :P

Offline gameblabla

Bump.
More and more browsers are now complaining about insecure connections.
And while codewalr.us does support HTTPS, there are some issues:
- The fact that on the frontpage, some images use http: rather than https:. Should be fairly trivial to fix.
- Cookies do not use the HttpOnly and Secure flags. Should be done for security.

I believe it should be made HTTPS-only because even on older operating systems like NT 4.0, it is possible to visit secure websites with TLS 1.0 and all.
As for browsers that do not support HTTPS, I honestly doubt they can support codewalr.us properly anyway.
Preferably, codewalrus should also support CSP; here are the CSP settings I use for my website.

Code:
# One directive: each line ends in a backslash so Apache reads it as a single line.
Header always set Content-Security-Policy "default-src 'none' ; base-uri 'none'; \
frame-ancestors 'none'; form-action 'none'; \
font-src 'self'; child-src 'none'; script-src 'self'; object-src 'none'; \
connect-src 'none'; style-src 'self'; img-src 'self';"

Of course, since codewalrus supports scripting, you should tweak them according to your needs.

You can use the observatory by Mozilla for more info:
https://observatory.mozilla.org
  • Calculators owned: TI Nspire CX, TI-89
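
The three checks raised in the post above (http: subresources on a page, cookies missing Secure/HttpOnly, and the CSP header) can be run offline against a saved response. This is an added example, not part of the original thread or the site's code; the headers, cookie names and example.test hosts are constructed sample data.

```python
from html.parser import HTMLParser

# Constructed sample response; hosts and cookie names are made up.
HEADERS = [
    ("Set-Cookie", "PHPSESSID=abc123; path=/"),
    ("Set-Cookie", "theme=dark; Path=/; Secure; HttpOnly"),
    ("Content-Security-Policy", "default-src 'none' ; img-src 'self'; script-src 'self'"),
]
HTML = """<img src="http://img.example.test/logo.png"><img src="https://img.example.test/ok.png">
<link rel="stylesheet" href="HTTP://example.test/style.css">
<a href="http://example.test/old-thread">plain links are not mixed content</a>"""

# (tag, attribute) pairs that make the browser fetch a subresource.
FETCHING = {("img", "src"), ("script", "src"), ("iframe", "src"), ("object", "data")}

class _Finder(HTMLParser):
    def handle_starttag(self, tag, attrs):
        a = {k: (v or "").strip() for k, v in attrs}
        css = tag == "link" and "stylesheet" in a.get("rel", "").lower()
        for name, url in a.items():
            fetched = (tag, name) in FETCHING or (css and name == "href")
            if fetched and url.lower().startswith("http://"):
                self.insecure.append((tag, url))

def find_mixed_content(html):
    """List (tag, url) for subresources still loaded over http:."""
    finder = _Finder()
    finder.insecure = []
    finder.feed(html)
    return finder.insecure

def audit_cookies(headers):
    """Map each cookie name to the flags (Secure, HttpOnly) it is missing."""
    findings = {}
    for value in (v for n, v in headers if n.lower() == "set-cookie"):
        parts = [p.strip() for p in value.split(";")]
        attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
        missing = [f for f in ("Secure", "HttpOnly") if f.lower() not in attrs]
        if missing:
            findings[parts[0].split("=", 1)[0]] = missing
    return findings

def parse_csp(headers):
    """Parse the first CSP header into {directive: [sources]}; {} if none is sent."""
    value = next((v for n, v in headers if n.lower() == "content-security-policy"), "")
    policy = {}
    for tokens in (d.split() for d in value.split(";")):
        if tokens:  # first occurrence of a directive wins
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy
```

On the sample data, the session cookie is reported as missing both flags, and the http: image and stylesheet are flagged while the plain `<a href>` link is not.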

 

