The online racing simulator
LFS World login insecure
(12 posts, started )
LFS World login insecure
Yeah, confirming that I've (already) encountered this warning on both lfsmanual.net and lfsworld.net when using Firefox.

I've sometimes wondered that why those sites are still using HTTP instead of HTTPS unlike LFS.net which has used that type of connection/protocol for like two years already? Therefore, I suggest that those two sites would also use HTTPS instead of HTTP.
And it's easy peasy with LetsEncrypt these days...
Yeah true, would be nicer under the lfs.net domain instead.
FYI, Victor commented on this some time ago (before Let's Encrypt was in public beta).

There are, as most of us (including Vic), know, many reasons as to why a site should be configured properly for HTTPS. The most recent one being that browsers such as Firefox and Chrome have started (will start?) to visually flag sites as insecure not only when the certificate is invalid, but also if it's not configured to use a certificate at all.

For the record, the suggestion to redirect traffic from lfs[x|y|z].net to lfs.net will not work since the web browser would have to do a SSL handshake with the flagged site before being redirected -- still prompting an alert.

Edit: Well, technically the SSL handshake isn't the problem, it's the web browser's validation of the certificate that was transferred in the handshake that prompts the alert.
Thanks for the concern guys.
I'm currently testing let's encrypt on my dev site. Since it's looking good, I'll be looking into implementing it for the remaining unencrypted LFS sites soon.
** Best answer **
SSL has been added to lfsworld.net, *.lfsmanual.net and img.lfs.net now.
I think I've updated all links pointing there.
I'm not enforcing it hard (always redirecting to https) on www.lfsworld.net yet though, because I need to assess usage of e.g. pubstat in the different applications it's being called from. Not sure they can all handle a redirect and / or ssl. So that means plain http lfsworld will still work for now.
How about now?
Thank you Smile

LFS World login insecure
(12 posts, started )
FGED GREDG RDFGDR GSFDG