If this was from Discourse, how about a warning before you send out mass invites that they’ll receive a scary sketchy SSL warning with a recommendation to get SSL before inviting out?
We only launched our forum not long ago and were planning to get SSL in a few weeks. I would’ve definitely waited. It’s sort of an overdramatic message, as this applies to any site without SSL (http).
Even if it’s browser based then… should still show a warning that some browsers may do this. However, just a heads up - this sucks after sending out 2300 invites from our mailing list don’t let others make my mistake.
SSL is great practice – i have it for all my sites except my forum because it’s newer and haven’t got around to it yet.
Yea I had a feeling – however, because browsers do this, I still encourage adding a warning if !SSL. It’s quite embarrassing who would’ve known. I know it’s not a Discourse thing, but it may help future people.
I believe what you showed is Firefox specific. Chrome just shows a general warning in the address bar. Firefox’ market share is way, way down from where it was 4-5 years ago.
Maybe we should take this as the last nail in the coffin to add a check to the admin dashboard as long as HTTPS isn’t enabled? I’d highly discourage non-HTTPS installs for security considerations alone…
I can still think of at least one situation where this isn’t feasible - internal sites that aren’t visible outside the company network. Let’s Encrypt can’t work for those sites, and a constant dashboard warning would be quite obnoxious. There would need to be a way to disable it for situations like these if we add a check to the dashboard.