7

I've seen a lot of requests in the SO Meta asking for StackOverflow to be moved over completely to https.

I've never run a site as large as Stack Overflow, so enabling SSL/TLS has always just meant providing the cert files in the Apache/Nginx config.

How would this be different for a larger site such that it would require a significant amount of time to implement?

m0meni
  • 178
  • 1
  • 6
  • 6
    Have a look at this blog post by Nick Craver, http://nickcraver.com/blog/2013/04/23/stackoverflow-com-the-road-to-ssl/ – Brandon Jun 29 '15 at 16:11
  • 1
    Updated Nick Craver post on that topic; _highly_ recommended reading. https://nickcraver.com/blog/2017/05/22/https-on-stack-overflow/ – Cameron Kerr Nov 02 '17 at 12:06

1 Answers1

-2

1) All absolute links should be changed to relative, or to ://, or to https://
For example: "http://mysite/img1.png" => "/img1.png" or "https://mysite/img1.png" or "://mysite/img1.png"

2) All links (css, js, fonts, frames) to external resources should be replaced to :// or to https://

All modern browsers are ignoring insecure http:// links from https pages!

user2743554
  • 397
  • 3
  • 13