Folks,
I am newbie to SSL certificates.
We just put SSL for our website, which developed PHP codeigniter framework.
My site is under https protocol. If I call the other url from that website's page, it also showing in https prefixed..
That child url is third party url, which needs to call from javascript. It is available in only http, not in https.
I am mentioning
function {
host:'abc.des.com';
}
In my firebug console the response shows https prefixed before this url. But I want response as in only http.
Hope someone will guide me in this.
Related
My VueJS/Laravel site is running https by default but somehow there is an endpoint that when called is still on http instead of https. This project wasn't developed by me and I have limited knowledge on Laravel. Nginx configuration seems to be fine, where would the issue be most probably? I'm not sure where to start looking. Somehow this app is able to run without having to use URL::forceScheme('https'); and again nginx seems to be good (since by default the site is already on https). Most parts of the api call https save to just one URL. Why does this happen?
The application are using vue components? If yes, so check into the components where the ajax is sending the URL and check if it is setting the URL endpoint with http.
Is recommended to set the URL endpoint domain variable into a .env file and call the URL endpoint domain variable into the URL endpoint param on ajax method.
On this way you has no risk of send a different URL endpoint.
Please help anyone my php youtube grabber site https://mymovies24.in not working HTTPS all video displaying page but HTTPS working other page example mymovies24.in/category , mymovies24.in/contact-us etc
Please any solution plz
Youtube thumbnail URLs are http, not https, therefore web browsers consider your pages as non secure, because of mixed content (http + https). Update all your pages' resources to be https, no exception.
I've a website (domain from godaddy and hosted in hostgator). As I updated the certificates, manually, I can redirect my site to https, but it is always going to http from google search. After searching online, I got to know that Considering Strict-Transport-Security: max-age=15768000 as result of curl -i -L on target domain will work for my need as it will force a browser to open the website in https. But I'm confused about how to implement this to my website.
Can anyone help me on this ?
Not sure this is right for Stack Overflow. Then again it covers so many topics that it doesn't fit nicely in any other Stack Exchange site either. So anyway will attempt to answer.
Redirects.
What do you mean "I can redirect my site to https"? You should redirect your site to https now you've gone through the hassle of setting this up so are you doing it? Or are you able to access both http and https? If so find out how to force https even if the user sets up http.
This is set up with a redirect rule on your web server. Not sure whether you have direct access to your config (e.g. .htaccess file if using Apache) or require your host provider to set this up for you.
Google search
Regarding Google Search, once you have the redirect set up, it will take some time for Google to recognise this and update the links in their search index to show the https version of the pages.
Saying that there are ways you can tell Google about this to hurry up the process:
Do you force a redirect to https? If not Google will decide which site to show (http or https) based on a number of factors.
Do you have a site map and have you updated those links to https?
Do you have a rel="canonical" setting in the HTML of any of your pages and is it set to the https version? This tells Google which is the real version of the page if, for example, you allow both http and https versions of the page (not recommended).
Have you registered the https version of your site with Google Search Console? If so are there any errors in there? You can also kick off a re-index request in here.
Have you set all internal links to be https or, better yet, relative links.
Can you update any external links to be https instead of http.
HTTP Strict Transport Security (HSTS)
This is an advanced topic so really wouldn't recommend it until you understand it more. Basically it's a HTTP Header you send back with your webpage over https to tell web browsers "hey I'm an https-only site. From now on, automatically translate any http requests to https automatically before you even send them to me".
It is a good security addition on top of redirects but crucially it does not replace the need for redirects. Redirects need to be in place first to send it to https, at which point your web server can send the HSTS HTTP Header (and which the browser will cache so it knows to change to HTTPS next time).
To set it up you send a HTTP Header like this (but only over https requests).
Strict-Transport-Security "max-age=16070400"
This can be setup in your webserver, or in your php files or any other way you can send HTTP Headers.
Be aware that this we'll prevent your site being available over http, so if you decide to turn off https for whatever reason, then you've basically blocked you're site for up to the max-age time for any browsers that have cached that setting.
For more information on HSTS see here:
301 Redirect and HSTS in .htaccess
But I really don't think that's what you are looking for here. It tells web browsers (like Google Chrome) to force https and is nothing to do with search engines (like Google Search) as, at present, they ignore this Header.
I don't really understand the differences between HTTP and HTTPS except that HTTTPS encrypts the data transmission (I think, correct me if I am wrong). Now, I am about to get my Facebook Page Tab up and running. For this I need my Tab URL at my CakePHP app also to be accessible over HTTPS. How do I do that in CakePHP? Just writing an HTTPS instead of just HTTP in the URL doesn't do the job.
I am trying to code a website that uses PHP protocol toggling to switch from HTTP and HTTPS on the fly but since I have coded my website in JQuery mobile now, it seems to just hit the "error loading page" and never loads those sections of my website. What might be causing that?
Although it is slightly different in nature, this question will help you resolve your issue: AJAX calls to untrusted (self-signed) HTTPS fail silently.
Because you are most likely using a self-signed certificate or a certificate for a different subdomain, AJAX calls will fail by default since they cannot accept the certificate for security purposes.
You can add rel="external" in every tag to redirect to from http => https or https => http