« [live627's rants] These trees are [not] simple
SMF / Wedge and SSL?

tsarna

  • Posts: 1
SMF / Wedge and SSL?
« on February 16th, 2012, 03:08 AM »
Does SMF (and will Wedge) support SSL? My guess is that SMF doesn't, based on the administration field for "Forum URL" under "Databases and paths". I suspect what happens is that if you visit via SSL, you end up with links based on this field and quickly get shoved back to plain HTTP.

I confess I haven't tried setting it up, but I can't easily in my current environment (only one IP and already another SSL site)

I guess one could set the field to a https url, but then that forces everyone to use SSL, which I don't necessarily want to do either. Ideally links would be generated based on however the user was accessing the current page, making the SSL choice sticky, and at the user's choice (or the admin's -- if one wants SSL-only, it could be done with a redirect in the web server)

I guess there also may be some issues with cookies -- I think there is a flag on a cookie for secure-only? It's been too long since I messed with any of that...

Anyway, if it is expected to work in Wedge currently, then great work! If not, please consider this a feature request  :)

Arantor

  • As powerful as possible, as complex as necessary.
  • Posts: 14,278
Re: SMF / Wedge and SSL?
« Reply #1, on February 16th, 2012, 09:16 AM »
Both do, but it is very much an all or nothing scenario for exactly the reason you mention, since if you're serving the main site in HTTPS, you need to serve all the images and all the scripts the same way. In the Server Settings area, you'll find an option for securing the site which deals with the cookies.
When we unite against a common enemy that attacks our ethos, it nurtures group solidarity. Trolls are sensational, yes, but we keep everyone honest. | Game Memorial