Https for the site?


#1

As of right now, the Discourse installation isn’t running on an https-enabled server (and Chrome gets mad, especially when the HTTPS Everywhere extension tries to redirect the site to the non-existent secure version). It’s not collecting tons of personal information, but the site still collects passwords and should probably have https enabled.


#2

Ooh and I can dbl like as an anonymous user.

Given the somewhat sensitive nature of data science in various organizations — including US gov departments — TLS/SSL has to the only accepted way of sign-in and, heh, discourse.

Also: Chrome is going to really light a fire on login dialogues that aren’t SSL’d, soon.

The site also uses Discourse CDN and it would be much safer for individuals re:tracking if it was all local.


#3

Working on enabling SSL now


#4

I was as well…They said it was a checkbox to enable?


#5

Seems to be working now!

Capture


#6

A checkbox and some more $$$


#7

The logo image is still not secure at the moment: http://www.rstudio.com/wp-content/uploads/2017/09/RStudio_Community.png Should use https.


#8

Aye. Still getting mixed content warnings on my end. It’s likely a quick template URL resource tweak.

user profile JSON is SSL’d and limited to logged-in users, so :+1: on that front and the rest of the hosted discourse and back-end Proinity CDN (which they use behind the scenes) seem :+1: as well (no mal-history as well).


#9

Should be fixed now (at least I don’t see any problems when I open in chrome)


#10

Yep, @Bill has fixed it.