Update for http vs https
Hey everyone,
We've made an update to how redirects and interlinking works in regards too https vs http. The server will always attempt too use https now, rather than continue on with whichever it was given in the first place. This should reduce the number of pages that browsers call insecure.
The reason it cannot be 100% coverage for all links across all sites is because some of the content that you like to use is not over https. This also includes any custom content you may have on custom pages or HTML widgets. If you have a background image that comes from an http URL, browsers will call that image insecure and may call the entire page insecure as a result. We very much want to keep GamerLaunch an open platform that allows you to make the website you want and include the content you want. We will not be blocking http content because that would limit your sites in an untenable way.
Another complication to this is custom domains. If you've bought a custom URL to use for your site, it presents another layer of security to consider. We are evaluating ways to provide custom URL's with SSL certs as a paid service. Contact us through support if you are interested.
We noticed that this update did not hit all subdomains. We've now updated this to apply to wowlaunch, swotrhost and corplaunch as well!
Thanks for the reports, let us know if you notice anything!
I'd be interested to know how a paid for certificate for a paid for domain name would affect the site. Would that basically bring it into line with other sites that use the gamer launch domain names? ie, some of the pages would still show as being insecure if they have custom content on them?
How would that affect the page and visitors to it?
Would there be a way of tracing which content on a page may affect the https status, and potentially allow for an alternative to be found?
This is a very complicated subject and I'm going to try my best here haha.
Sites on our official domains have always had fully secure login pages because we do not allow any custom content on those pages, it's fully internal and secure.
The update we made today is to make ALL internal resources and links within GamerLaunch to be https URLs.
The remaining security warnings you may see coming from browsers are going to be originating from 3rd party external resources that we do not control. Those are the resources we want users to continue being able to use. An example of this is an item hovers javascript library from Zam. Unfortunately, Zam does not provide this library over https, only http, and there is nothing we can do about that. Browsers will complain that that script is "insecure".
The message the browser will give you for something like this will look like this:
A way to see exactly what is causing the browser to give you that warning is too look in the dev console. The message will look something like this:
Zam tooltip hovers is cool and a useful tool, we aren't going to stop using them just because Google is overbearing with their security messaging.
That should fairly cover what the actual "problem" is here.
If you were to acquire an SSL Cert for your own custom domain URL, the website would behave exactly the same as above.
I really hope this does not just further confuse you haha.