HTTPS on the site/forum

[Jhaierr]

Hello! I am curious if there are plans to migrate the site and forum completely to HTTPS instead of defaulting to HTTP. Currently, even if I manually enter https:// for the URI, it will reset back to HTTP once I click a navigation link or a thread in the forum.

 

This is how sites are going overall (last year over 50% of sites began to use HTTPS), so that's one reason I ask.

[Simon]

Anything which requires or benefits from SSL is run over SSL.

[Jhaierr]

Right, that's great! I was curious, though, if there are plans for the entire site to be usable using HTTPS in the coming months.

[Simon]

Again, anything which requires or benefits from SSL is run over SSL.  Running the entire site over SSL would not benefit anyone.

[Jhaierr]

Apologies for the long delay in response!

 

I hear what you're saying about the site using SSL, but I noticed something else. The "quick login" dropdown form on the forum does not seem to submit to an https:// connection:

<form accept-charset='utf-8' method='post' action='http://www.herogames.com/forums/login/' data-controller="core.global.core.login">

Additionally, the form for the Change Password page does not use https:// either for the page itself or on the form action:

<form action="http://www.herogames.com/forums/settings/password/" ... >

Is there some way, even though they don't use https:// for the action, that they are still using SSL? Is there something here that I'm missing?

[Jhaierr]

(Also, I just noticed that the Store pages (e.g., Orders, Manage Purchases, My Details, and Client Area) are all using unsecured http://, including the stored credit card page and its form action.)

[Simon]

That's as of an update that was applied on Friday.  I've flipped the entire site over to SSL for the time being until the specific page settings are re-enabled.