Closed qgustavor closed 6 years ago
cuducos
commented
6 years ago Many thanks, @qgustavor. I edited you post to convert your list into a TODO list, ok?
~Regarding number 1: we're changing servers and that should be fixed afterwards~ fixed by d128b02
Regarding number 2: what do you suggest in those cases?
~Regarding number 3: fixing now, gonna cross that out in a minute.~
qgustavor
commented
6 years ago That's ok. About the mixed content issue can you rehost images?
cuducos
commented
6 years ago About the mixed content issue can you rehost images?
Yes we can. But definitively it's not a priority at the moment. Is this the only alternative?
qgustavor
commented
6 years ago Having images being loaded via HTTP allows those be changed on a MITM attack, but it's not bad like adding adversiments or changing textual content. Rehosting would be a good thing to avoid issues with websites that block hotlinking. Can you rehost images hosted on websites which don't support HTTPS (at the moment only one hosted on piauihoje.com) and fix the other images to point to HTTPS? If not then I don't have other idea. At least, the risk was reduced by loading the page over HTTPS.
cuducos
commented
6 years ago cuducos
commented
6 years ago I'm gonna close this issue and open a more specific one (related to external images and HTTPS). Feel free to jump in, @qgustavor ; )
The server hosting vitimasdaintolerancia.org supports HTTPS and have a valid certificate from Let's Encrypt, but there are some issues:
static.nsctotal.com.br,www.diarioonline.com.br,odiarionacional.org(those domains supports HTTPS) andpiauihoje.com(which don't support HTTPS due a server misconfiguration)HTTPS is important. Even if there's no forms in the website it ensures integrity of data, preventing MITM attacks like adding advertisements, changing content or filtering news against someone.