bblog dosent work with the https version of battlelog - Better Battlelog Forums #1939

Sitemap
Topicstarter
hello bblog dosent work if you force
https://battlelog.battlefield.com

can make it work with the https version aswell?

bblog version 2.2.1
browser firefox
That is true. BBLog is designed to (not) do this because https is a secure thing.
BBLog doesn't have https certificates because it costs money (120 € per year).
And BBLog's first directive is: Be secure, be serious.
BBLog Addon requires some connections to BBLog servers (Addon checks, news, cloud, etc...) and that connection is not secure because of the lack of a ssl certificate.
So therefore we don't add support for https. Technically it is not a problem but it's not secure to connect from https http.
And a self signed certificate is also a no-go.
Topicstarter
brain wrote:
That is true. BBLog is designed to (not) do this because https is a secure thing.
BBLog doesn't have https certificates because it costs money (120 € per year).
And BBLog's first directive is: Be secure, be serious.
BBLog Addon requires some connections to BBLog servers (Addon checks, news, cloud, etc...) and that connection is not secure because of the lack of a ssl certificate.
So therefore we don't add support for https. Technically it is not a problem but it's not secure to connect from https http.
And a self signed certificate is also a no-go.


i just tought you could leave bblogs conncetions unsecure and just make it possible to connect to battefields servers securly but a guess you dont like the idea
as he said:
Technically it is not a problem but it's not secure to connect from https http.


that means, a user HAVE a SECURED Connection if he have https.
So, if he use BBLog unsecured he DON'T have a 100% secured connection during using https.

We DONT WANT that the users have misstakes like this.
Yep. Secure to unsecure or unsecure to secure connection as a no-go for us (and should also be a no-go for all others).
Seems like GoDaddy.com is giving away 1 year certifications FREE of charge for open source projects.
Last time I checked BBLog is open source so I guess you could grab a certificate if you feel like it brain :P
https://www.godaddy.com/ssl/ssl-open-source.aspx


If nothing else it could be nice to try it for 1 year, when it's free and all.
godaddy gave me a free SSL for a year when i bought the hosting for my charity. it wasn't part of the plan or anything... i just asked them if they would do it, and they did.
The problem is, i also have a 1 year free SSL certificate from my hoster BUT after this year it costs much money.
If a integrate SSL now and than remove it in 1 year again we have 2 problems:

1. Code that need to be reworked again
2. Many pissed off people.
Oh, I understand.

I guess you can use one of the free (free for ever) certification services out there that no browser recognizes and for that matter puts up a WARNING every time you try to load the page. LoL, joke...
Looking forward to the launch of
https://letsencrypt.org/
...
Georgeto wrote:
Looking forward to the launch of
https://letsencrypt.org/
...


Yep, i am too.
this project looks interessting :-)
i will keep an eye on them too!