
Vanilla source code refers to http as default


Comments

  • If you create an account and sign in with it, I think you see the problem I see..

  • vrijvlinder Papillon-Sauvage MVP

    Better make a test account for me and send the login info via private message.

  • vrijvlinder Papillon-Sauvage MVP
    edited January 2015

    Ok, I think this has to do with your host and the settings for connecting to the content.

    After opening a new tab I see I am logged in. This has to do with the host setting, not Vanilla. You need to allow connection to insecure content if they prefer to access the site using only http, or get rid of any URL that is not served via https in your theme.

  • That page is because http is disabled, but I'm wondering why it uses an http link when the config.php is set to force ssl?

  • vrijvlinder Papillon-Sauvage MVP
    edited January 2015

    Because the SSL certificate is a site-wide thing, not a Vanilla thing.

    It is a setting in the server that blocks connections to insecure content. Talk to the host about how to fix it.

    Although this relates to WordPress, it may help with your situation.

    http://www.beginwp.com/solve-ssl-error-login-issues-wordpress/

    It appears you need to change all URLs in the config to be https, if there are any.

    Also, whether you purchased the SSL certificate under www.frivilligsupport.dk or under frivilligsupport.dk will make a difference. Make the URLs match the one on the certificate.

    Go through your theme and remove or replace all http links with https links. I already noted one specific.

  • In general, it's best to use ssl/https when your site involves user registration and logins. We recently installed Vanilla on https and it works fine. The only 'issue' I found so far is that applications/dashboard/design/style.css has a few calls to cdn.vanillaforums.com over http and not https.

    Regarding mixed content when users post http content:

    There’s a big difference between active mixed content and passive mixed content. Mixed passive content is img – audio – video – embed and is safe to show. Iframe is not. Also script is not.

    See https://developer.mozilla.org/en-US/docs/Security/MixedContent#Mixed_active_content

    Mixed Active Content is content that has access to all or parts of the Document Object Model of the HTTPS page. This type of mixed content can alter the behavior of the HTTPS page and potentially steal sensitive data from the user. Hence, in addition to the risks described for Mixed Display Content above, Mixed Active Content is vulnerable to a few other attack vectors.
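
As an added example (not part of any post in this thread, and not Vanilla's own code): a small Python scanner for the cleanup the replies describe, finding `http://` subresources in theme HTML and CSS. It labels img, audio and video as passive and script and iframe as active, marks any other tag for review, and runs on constructed sample input that uses example.com.

```python
import re
from html.parser import HTMLParser

PASSIVE_TAGS = {"img", "audio", "video"}   # display-only content
ACTIVE_TAGS = {"script", "iframe"}         # can reach the HTTPS page's DOM
CSS_URL = re.compile(r"url\(\s*['\"]?(http://[^'\")\s]+)", re.IGNORECASE)


def is_insecure(url):
    return bool(url) and url.strip().lower().startswith("http://")


class _TagScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (kind, tag, url)

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            # href counts only on <link>; <a href> is navigation, not a subresource
            loads = name == "src" or (name == "href" and tag == "link")
            if loads and is_insecure(value):
                if tag in ACTIVE_TAGS:
                    kind = "active"
                elif tag in PASSIVE_TAGS:
                    kind = "passive"
                else:
                    kind = "review"
                self.findings.append((kind, tag, value.strip()))


def scan_html(text):
    scanner = _TagScanner()
    scanner.feed(text)
    scanner.close()
    return scanner.findings


def scan_css(text):
    return [("css-url", "url()", m.group(1)) for m in CSS_URL.finditer(text)]


# Constructed sample input (not taken from a real theme).
SAMPLE_HTML = """<img src="http://example.com/logo.png">
<script src="http://example.com/widget.js"></script>
<iframe src="https://example.com/embed"></iframe>
<link rel="stylesheet" href="http://example.com/theme.css">
<a href="http://example.com/">link</a>"""
SAMPLE_CSS = ('body { background: url("http://example.com/bg.png"); } '
              ".x { background: url(https://example.com/ok.png); }")

if __name__ == "__main__":
    for finding in scan_html(SAMPLE_HTML) + scan_css(SAMPLE_CSS):
        print(*finding)
```
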
