Ethsim2
(Ethan )
July 4, 2025, 7:19am
1
Hi everyone
how security looks when sending Invite Link via. Instagram DM
how security looks when sending link to group chat changing the ?…user to /last
this is using the standard install let’s encrypt
Ethsim2
(Ethan )
July 4, 2025, 7:38am
2
this is to show on my root discourse site, that HSTS is enabled
ask.discourse.com tells me my site has HSTS
but also mentions
Extra Tips
For maximum security across subdomains, you could set includeSubDomains
in your HSTS header, though this is optional and needs to be set in your nginx config.
Make sure your email templates and shared links use https://
—but HSTS gives strong fallback protection.
In Summary
Yes : As long as HSTS is set on your Discourse, browsers that have already visited your site via HTTPS will force all links—including invites—to load securely via https://
.
i have my email on discourse.yourdomain.TLD
sub-domain, could this be causing problem?
Ethsim2
(Ethan )
July 4, 2025, 7:46am
3
now this is how the invite link behaves in Chrome Incognito
the network document (the one that appears at top of a long list) is renamed into the code after \
of invite link
Ethsim2
(Ethan )
July 13, 2025, 12:49pm
4
do we have any updates about this?
Hallo,
Quick question: In your link, did you use HTTPS or merely HTTP? Based on your second post, I observe that you only utilize HTTP, which should resolve the issue.
1 Like
Ethsim2
(Ethan )
July 13, 2025, 5:08pm
6
Both links specified https within the Instagram DM