This Forum Should Enforce HTTPS


#1

The WTD forum supports HTTPS but isn’t enforcing it. With Google Chrome 70 showing non-HTTPS sites as insecure, it’s time this switch be turned on for the forum.

:+1:


#2

Hi @FelicianoTech,

What is the value of HTTPS in a forum? I associate such requirements with protecting personal data. The admin panel suggests that it’d take significant effort to set up HTTPS for the forum, and I’m not sure the current traffic justifies such effort (see quote below from the admin panel).

Thanks,
Mike

"Force your site to use HTTPS only. WARNING: do NOT enable this until you verify HTTPS is fully set up and working absolutely everywhere! Did you check your CDN, all social logins, and any external logos / dependencies to make sure they are all HTTPS compatible, too?"
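
The admin-panel warning quoted above asks for a check that CDN assets, logos and other external dependencies are reachable over HTTPS before enforcement is switched on. One way to run that check over a saved copy of a page, as an added example that is not part of the original thread or Discourse's own code; the sample HTML and its hosts are constructed, and the tag/attribute list is an assumption about what to audit:

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Attributes that make the browser fetch from, or submit to, a URL (assumed audit scope).
FETCH_ATTRS = {
    "img": ("src",), "script": ("src",), "iframe": ("src",), "embed": ("src",),
    "video": ("src", "poster"), "object": ("data",), "form": ("action",),
}
# <link> only triggers a fetch for these rel values; rel="canonical" does not.
FETCHING_RELS = {"stylesheet", "icon", "preload", "manifest"}


class InsecureRefFinder(HTMLParser):
    """Collects (line, tag, attr, url) for every plain-http subresource."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = {k: (v or "") for k, v in attrs}
        names = FETCH_ATTRS.get(tag, ())
        if tag == "link" and FETCHING_RELS & set(attrs.get("rel", "").lower().split()):
            names = ("href",)
        for name in names:
            url = attrs.get(name, "").strip()
            # Protocol-relative ("//host/x") and https URLs follow the page scheme or are safe.
            if urlsplit(url).scheme.lower() == "http":
                self.findings.append((self.getpos()[0], tag, name, url))


def find_insecure_refs(html):
    finder = InsecureRefFinder()
    finder.feed(html)
    return finder.findings


# Constructed sample page; all hosts are placeholders.
SAMPLE = """<html><head>
<link rel="stylesheet" href="http://cdn.example.com/theme.css">
<link rel="canonical" href="http://forum.example.com/t/1">
<script src="https://cdn.example.com/app.js"></script>
</head><body>
<img src="http://static.example.org/logo.png">
<img src="//static.example.org/avatar.png">
<a href="http://example.net/">plain link, not a subresource</a>
<form action="http://login.example.com/auth"></form>
</body></html>"""

if __name__ == "__main__":
    print(*find_insecure_refs(SAMPLE), sep="\n")
```

Each finding is a resource that would be blocked or flagged as mixed content once the page itself is served only over HTTPS; ordinary `<a>` links are ignored because following them does not load content into the page.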


#3

Every website should support HTTPS. Google Chrome now shows websites that don’t as insecure and Firefox will follow at some point.

It’s not just about security (as when you log in) but also privacy. Any Discourse version released in the last year supports enabling HTTPS out of the box for free with Let’s Encrypt. I run three Discourse forums, all with HTTPS.