Https for webpage #7678
Comments
|
What are the benefits of https in this case? |
|
Yep, all HTTP sites get tampered with by many ISPs today. And occasionally, weaponized by a nation state! It's a nightmare out there -- a nightmare HTTPS puts to an end. :) HTTPS doesn't solve every ill, but it removes the ISP as an actor in a bunch of important ways. Making it the default very much does reassert the web as a collection of empowered endpoints, and restores the idea that the internet interprets censorship as damage and routes around it. |
|
I'd suggest Let's Encrypt (https://letsencrypt.org). Free and soon available (open beta next week) :) |
|
Only tangentially relevant, but if you haven't heard of IPFS, check it out -- it is an elegant reworking of how we handle sending data over the internet |
|
I second cloudflare. You can set everything up and add an enforce https page rule in about half an hour. And it's free. |
|
Okay, let's summarize. CloudFlare describes the advantages of SSL like this:
Besides, @makc mentioned an other important reason. In the future, some JavaScript functionalities will only work with a secure origin. The following three.js example already reports a respective warning with Chrome. The deviceorientation event is deprecated on insecure origins, and support will be removed in the future. You should consider switching your application to a secure origin, such as HTTPS. See https://goo.gl/rStTGz for more details. So it definitely makes sense to switch to SSL. |
|
you can already go to https version at https://mrdoob.github.io/three.js/ |
|
ah, I see you're aware of that, sorry |
|
Right, i mean the domain |
|
@ashconnell I have also made good experience with CloudFlare. Setup is easy and SSL works as expected 👍 |
|
Bumping this topic as its still not fixed. I know there is a big GitHub topic discussing the implementation of HTTPS for custom domains isaacs/github#156 However, I don't think waiting for something "to maybe be implemented" is a valid reason to delay the implement HTTPS.
Google is also known to show websites supporting HTTPS higher up in the search results which could boost three.js popularity. I strongly recommend CloudFlare as I have only had good experience with them and I run several sites that is currently hosted on Pages and routed through CF. 😃 |
because being #1 google hit is clearly not good enough |
Setting up CloudFlare takes less than 10 minutes. Instead we have gotten a 8 month long conversation about it. Someone is yet to bring up an argument against HTTPS, and seeing as the many benefits clearly outweighs the non-existing consequences, why not just get it fixed and we can move on? |
there is a guy just outside my house selling milk. I bet I could go out and buy it in less than 10 minutes, too. sounds like compelling reason to do it ) |
You missed an important point; HTTPS is completely free. I don't know about you but if someone was offering me free milk then I would gladly accept. I have nothing against milk but I would like to stick talking about HTTPS in this thread. I would like if it did not get closed because being too off-topic. 😛 |
|
The last time I used CloudFlare it broke stuff because it didn't handle some file formats properly. So even if it takes 10 minutes, it may have side effects. Besides, I don't yet trust CloudFlare... |
|
Another host to consider for free+ssl threejs.org is firebase (owned by Google) It is really simple to set up a custom domain ad they will get you a free SSL certificate. |
|
Interesting... |
|
(I originally filed a dupe of this issue at #9753, so I'm moving my comments here.) HTTPS will soon be required in WebVR-capable browsers. It'd be awesome if http://threejs.org was served from https://threejs.org. See the WebVR spec issue and @toji's blog post for more info. Since http://threejs.org is already being served from GitHub Pages, I'd recommend using CloudFlare's free tier service as a reverse cache proxy + CDN (which includes best-in-class perf server settings [gzip, SDCH, HTTP/2, sane Here's a walkthrough I wrote of how to set up GitHub Pages + CloudFlare. FYI, Let's Encrypt is great, but it appears GitHub Pages isn't supported just yet. @mrdoob: per your comment above, do you remember which issues you encountered? I haven't seen any or heard of any reports of issues, but let me know, and I can try to help to track them down. |
|
Sweet, thanks so much! |
|
My response: |
|
|
threejs.orgis a custom domain pointing at a github hosted page (gh-pages). It does not currently serve onhttps://.Here is a mega-thread on getting SSL for gh-pages: isaacs/github#156
During the course of this thread, github shipped SSL for directly accessed gh-pages, but this does not work for custom domains without some extra work.
some suggestions from the thread are
The text was updated successfully, but these errors were encountered: