Trek-lite not secure

Discussion in 'Bugs & Feedback' started by Ken T., Apr 6, 2019.

  1. Ken T.

    Ken T. Section Hiker

    Security out of date? Getting the not secure warning when visiting.
    Shewie, Dave V and WilliamC like this.
  2. Dave V

    Dave V Moderator Staff Member

    Just checked on my phone and mac and not showing any security or non secure warnings.

    Which browser are you using?
  3. WilliamC

    WilliamC Thru Hiker

    I get a warning every time I have to log in, "Your connection to this site is not private, passwords can be stolen" etc type thing. Doesn't matter which browser. It's been like that for a long time and I've kept meaning to mention it, so I'm glad @Ken T. has.
    Dave V likes this.
  4. DuneElliot

    DuneElliot Section Hiker

    I get the warning too. Even at the top, in the browser bar, I can currently see "Not secure"
  5. Foxster

    Foxster Ultralighter

    Sure it's not your virus protection?
  6. Shewie

    Shewie Administrator Staff Member

    What device and browser are you using Ken?

    If using Chrome press F12 then the security tab, it should tell you in there why your machine is not happy.
    It’s sometimes because of linked content rather than the actual forum itself
  7. Robin

    Robin Thru Hiker

    I get it on my iPad. I think the latest version of IOS is now alerting for all non secure websites.
  8. paul

    paul Thru Hiker

    looks a facebook thing

    sdk.js?hash=c2f4dcbd0ed43639fe3a986774ec0143&ua=modern_es6:52 The method FB.getLoginStatus will soon stop working when called from http pages. Please update your site to use https for Facebook Login. https://developers.facebook.com/blog/post/2018/06/08/enforce-https-facebook-login/
    b @ sdk.js?hash=c2f4dcbd0ed43639fe3a986774ec0143&ua=modern_es6:52
    Shewie likes this.
  9. Shewie

    Shewie Administrator Staff Member

    Thanks all

    I've flagged this up with @Tony to check some stuff on the server side

    Don't worry though, you can continue to use trek-lite safely it's just that there are some certificates and coding to be tweaked here and there.
    Munro277, Chiseller and Robin like this.
  10. WilliamC

    WilliamC Thru Hiker

    Following advice on the Chrome browser, I added "https://" before the www in the url and it opened as a secure site.
    Fred Wanderer likes this.
  11. Shewie

    Shewie Administrator Staff Member

    Yeah that will remove the error as a workaround on members machines
    Fred Wanderer likes this.
  12. WilliamC

    WilliamC Thru Hiker

    Unfortunately, I can't bookmark it as a secure site.
  13. HillBelly

    HillBelly Ultralighter

    I've had it a while on Safari (latest version) but having looked at this thread, its because my auto complete was directing me to the Http version of old. A quick change to ps and its all good and pointing to the secure version. I'll be sure to save that now.
  14. Ken T.

    Ken T. Section Hiker

    IOS on a iPad mini through Safari. I guess I’ll try the kludge fix.
  15. DuneElliot

    DuneElliot Section Hiker

    Positive. And I use Linux
  16. shetland_breeder

    shetland_breeder Ultralighter

  17. shetland_breeder

    shetland_breeder Ultralighter

    Since this has still not been fixed :

    In .htaccess in the http site put:

    Code:
    <Files ~ "^\.ht">
        Order allow,deny
        Deny from all
    </Files>
    
    
    # Redirect to the HTTPS site
    RewriteEngine On
    RewriteCond %{HTTP:X-Forwarded-SSL} !on
    RewriteRule %{REQUEST_URI} !^/(.well-known)(/|$)
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
    
    This redirects all requests to http://*** to https://***
    JimH likes this.
  18. FOX160

    FOX160 Thru Hiker

    Just deleted mine off of bookmarks on my iPad and now saved secured version.
    Well thought I’d sorted but every time I go onto bookmarks I get the unsecured site
    even though I had removed the old site and added the secured site? Now when I press the Home button I get kicked out but I am still shown as being online
    Last edited: May 6, 2019
  19. shetland_breeder

    shetland_breeder Ultralighter

    And all the links(or all the ones I've looked at) are to http.

    That's why the proper fix is to get the server to redirect all http requests to https.
  20. FOX160

    FOX160 Thru Hiker

    May I ask what the steps you take to achieve this, thank you
  21. shetland_breeder

    shetland_breeder Ultralighter

    I pasted the fix I have on my websites in my previous post - but the exact implementation depends on how the Trek-Lite server is configured.

    There's nothing the humble user can do except hope the site admins take it on board and fix it at the server.
    FOX160 likes this.
  22. FOX160

    FOX160 Thru Hiker

    OK thank you for your reply.
  23. HillBelly

    HillBelly Ultralighter

    I've checked this too, and clicking the home button on the site menu does takes you to http: so its in the program code, not your computer.

    Hope that helps!

    Re read Shetland's posts and I realise thats whats meant by all links are to http:
    FOX160 likes this.
  24. Ken T.

    Ken T. Section Hiker

    Thanks Shewie
  25. Shewie

    Shewie Administrator Staff Member

    Thanks for checking last night guys

    If you can update your bookmarks we should be good.

    I think it will take a couple of days for Google to re-ndex the URL
    HillBelly likes this.

Share This Page