Posts: 76
Threads: 8
Joined: Feb 2013
If
https://hashcat.net is used instead of the HTTP version, the image verification breaks as it's transmitted over HTTP and most browsers block insecure content.
This is an issues since there are now Hashcat rules in the https-everywhere extension. Also, Google plans on removing the Load Insecure Content option from future builds of Chrome, at least according to this video:
https://www.youtube.com/watch?v=LBbCec4Bp10
Posts: 649
Threads: 18
Joined: Nov 2010
(02-14-2013, 03:42 AM)Mangix Wrote: If https://hashcat.net is used instead of the HTTP version, the image verification breaks as it's transmitted over HTTP and most browsers block insecure content.
This is an issues since there are now Hashcat rules in the https-everywhere extension. Also, Google plans on removing the Load Insecure Content option from future builds of Chrome, at least according to this video: https://www.youtube.com/watch?v=LBbCec4Bp10
Images should all be passed via HTTPS unless it is user supplied from HTTP. Where are you getting the non-compliant warnings from?
Posts: 2,936
Threads: 12
Joined: May 2012
radix, the captcha on the registration page is hard-coded to load over http.
Code:
<iframe src="http://www.google.com/recaptcha/api/noscript?k=6LcF6LsSAAAAABUq1MwV0V7SOqarspAx03O1sopC" height="300" width="500" frameborder="0"></iframe>
this causes it not to be displayed when loading over https.
Posts: 649
Threads: 18
Joined: Nov 2010
Ah fair enough, missed the "on registration" part
Posts: 649
Threads: 18
Joined: Nov 2010
Should be good now, please verify.
Posts: 76
Threads: 8
Joined: Feb 2013
I registered a junk account and works perfectly. Thanks!
