Possible Discourse bug: Unsecured Connection?

Today I noticed something on the address bar:

Clicking on the i-for-information gave me this:

I have no idea if this is serious or not, but thought you might appreciate the info. It could be a browser bork (stock Samsung browser, which is a Chromium mod, on a Tab s4.) Another site I visit that uses Discourse gives the same result… but meta.discourse.org doesn’t (which is odd.)

Edited to add: this is happening intermittently, so maybe it’s just me. I do have another device streaming video; maybe it’s a connection issue?

3 Likes

Interesting. That suggests something isn’t being delivered with HTTPS, but I can’t reproduce it myself.

Anyone else getting this error?

3 Likes

Yeah, you know it’d be awesome if it actually said what wasn’t being delivered over HTTPS. :roll_eyes:

1 Like

Sorry, I posted what the browser gave me. I agree, it would be nice if it gave more info, but I don’t know how to find that out. If it’s just me, it’s probably either a browser hiccup or a connection/bandwidth issue.

2 Likes

I’m not sure why browser vendors have decided that removing information is the right way to deal with this stuff - like “The site isn’t secure” isn’t already scary enough? Somehow providing the URL that’s the problem is going to make it more scary?

I wish I could help further, but I can’t reproduce it. If someone else can reproduce it though, I’ll definitely raise the alarm on it!

3 Likes

I wasn’t trying to blame you or anything, sorry if that’s how it came off. :frowning: It was more a general frustration at how little useful information modern software tends to give when things go wrong.

2 Likes

Agreed! I don’t need tons of technical jargon, but a little more than “sOmEtHiNg Is WrOnG” would be nice… :rofl:

4 Likes

I’m getting it on this topic.

ETA: looks like it’s the same on all topics.

Edit again.

It changes to give a secure connection when I turn my VPN off.

And now it’s all nicely secured either way.:man_shrugging:

1 Like

That’s a maddening problem indeed. Was a site unreachable because the DNS name resolution failed, because there was a routing failure, or because there was nothing listening on the remote server? The browser makers decided we didn’t need to know why.

2 Likes

If you press f12 and go to the Security tab, that’s your best bet. I was on that tab, and refreshed this topic page and got:

However it is true that if anyone EMBEDS something that starts with http:// to a post, that’ll cause the dreaded “mixed content”. Simply linking to a non-https webpage won’t do it. You’d want to figure out which post is doing that.

3 Likes