HTTPS Everywhere no longer works here?
I started typing in the Community, using Chrome dev, and all of a sudden my Omnibox (Chrome Address Bar/Search Bar) popped up "Not Secure" - the Flags are in line with the upcoming Chrome feature described at https://blog.sucuri.net/2017/08/google-warning-text-input-forms-october-https-ssl.html and other news outlets.

I check my HTTPS Everywhere add-on which until recently was faithfully upgrading my Steamcommunity.com experience to https://steamcommunity.com however it is no longer listed.

Did Valve force HTTPS Everywhere to stop upgrading the Steam Community?

Posting this with "Valve Corp. [US]" in the Omnibox as I forcefully upgraded my connection.
Last edited by Crashed; 3 Sep 2017, 20:01
Showing 1-13 of 13 comments
if it doesn't work, then it doesn't work. that said, why do you need "https everywhere" there's no point, only on secure form inputs do you need to be secure.
Originally posted by Shiki Ryougi:
if it doesn't work, then it doesn't work. that said, why do you need "https everywhere" there's no point, only on secure form inputs do you need to be secure.
That is old advice for old 486 toasters on dialup; why is the Steam community so toxic towards HTTPS?
Here is more modern advice, straight from Google:
https://developers.google.com/web/fundamentals/security/encrypt-in-transit/why-https

If you use regular http, you are putting yourself at risk of session hijack; ever heard of Firesheep?

This explains why secure cookies are important (which Steam doesn't use due to their use of insecure URLs):
https://en.wikipedia.org/wiki/Secure_cookies - setting the Secure flag bans use on insecure http and the HttpOnly flag means JavaScript cannot read the cookies for XSS protection (don't let that one fool you, combining with Secure means HTTPS only).
Last edited by Crashed; 3 Sep 2017, 20:48
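The two cookie flags mentioned in the post above, modelled as an added example that is not part of the original thread. The cookie name, values and `example.test` host are constructed, and only the Secure and HttpOnly rules are modelled (no Domain, Path or SameSite matching).

```javascript
// Constructed sample Set-Cookie header values (names and values are made up).
const SAMPLE_HEADERS = [
  "sessionid=abc123; Path=/",
  "sessionid=abc123; Path=/; HttpOnly",
  "sessionid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
];

// Parse one Set-Cookie header value into its name, value and the two flags.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = {
    name: eq < 0 ? "" : pair.slice(0, eq),
    value: eq < 0 ? pair : pair.slice(eq + 1),
    secure: false,
    httpOnly: false,
  };
  for (const attr of attrs) {
    const key = attr.split("=")[0].toLowerCase(); // attribute names are case-insensitive
    if (key === "secure") cookie.secure = true;
    if (key === "httponly") cookie.httpOnly = true;
  }
  return cookie;
}

// Would the browser attach this cookie to a request for `url`?
// A Secure cookie is withheld from plain-http requests.
function sentOver(cookie, url) {
  return new URL(url).protocol === "https:" || !cookie.secure;
}

// Can page script read the cookie through document.cookie?
function readableByScript(cookie) {
  return !cookie.httpOnly;
}

// List the exposures a cookie set with this header would have.
function audit(header) {
  const c = parseSetCookie(header);
  const findings = [];
  if (sentOver(c, "http://example.test/")) findings.push("sent in cleartext over http (no Secure)");
  if (readableByScript(c)) findings.push("readable by page script (no HttpOnly)");
  return findings;
}

for (const h of SAMPLE_HEADERS) console.log(h, "=>", audit(h).join("; ") || "ok");
```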
Oddly enough, my HTTPS Everywhere extension started upgrading this site again; apparently they must have had a bug preventing it from working.

EDIT: Please do not post spam comments.
Last edited by Crashed; 3 Sep 2017, 20:41
It seems also the Steam Client prohibits secure access to the Steam Community.
You can try upgrading this thread though by clicking https://steamcommunity.com/discussions/forum/1/1474221865197802337/
A green "store.steampowered.com" box should show to the left of the URL indicating the identity of the site's domain name has been verified.
Last edited by Crashed; 3 Sep 2017, 20:47
I suspect maybe it could be a Chrome Dev issue; the add-on seems to be working intermittently, not always upgrading the connection.
Originally posted by BFeely:
I suspect maybe it could be a Chrome Dev issue; the add-on seems to be working intermittently, not always upgrading the connection.
many site features can be disabled using a https server over http, I know for facebook it breaks the whole ♥♥♥♥♥♥♥♥ site.
Originally posted by Shiki Ryougi:
Originally posted by BFeely:
I suspect maybe it could be a Chrome Dev issue; the add-on seems to be working intermittently, not always upgrading the connection.
many site features can be disabled using a https server over http, I know for facebook it breaks the whole ♥♥♥♥♥♥♥♥ site.
I believe Facebook requires https these days; they did so in response to the "Firesheep" hacking tool.

On Steam Community, some content is delivered as mixed content, as some of the content is delivered via a CDN server that has not been configured for HTTPS. This otherwise does not degrade the experience of the Community, as browsers do not currently block "passive" content like images.
Last edited by Crashed; 4 Sep 2017, 22:46
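The passive versus active mixed-content distinction from the post above, as an added example that is not part of the original thread. The markup and `example.test` hosts are constructed, and the regex scan is a simplification that assumes quoted attributes; active loads such as scripts and frames are the kind browsers block, while images fall in the passive class the post describes.

```javascript
// Constructed page markup; host names are placeholders.
const SAMPLE_HTML = `
<link rel="stylesheet" href="https://community.example.test/site.css">
<img src="http://cdn.example.test/avatar.jpg">
<script src="http://cdn.example.test/app.js"></script>
<img src="https://community.example.test/logo.png">
<iframe src="http://widgets.example.test/box.html"></iframe>
<a href="http://other.example.test/">plain link, not a subresource</a>
`;

// Passive loads cannot rewrite the page; active loads can run code or restyle it.
const PASSIVE = new Set(["img", "audio", "video"]);
const ACTIVE = new Set(["script", "iframe", "object", "embed"]);

// Return every http:// subresource referenced from a page served over https.
function findMixedContent(pageUrl, html) {
  // Mixed content only exists when the page itself was loaded over https.
  if (new URL(pageUrl).protocol !== "https:") return [];
  const results = [];
  const tagRe = /<(\w+)\b[^>]*?\b(?:src|href)\s*=\s*["']([^"']+)["'][^>]*>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const tag = m[1].toLowerCase();
    const url = new URL(m[2], pageUrl); // resolves relative URLs against the page
    if (url.protocol !== "http:") continue;
    // <link> is a subresource only when it pulls in a stylesheet.
    const isStylesheet = tag === "link" && /rel\s*=\s*["']?stylesheet/i.test(m[0]);
    if (PASSIVE.has(tag)) {
      results.push({ tag, url: url.href, kind: "passive" });
    } else if (ACTIVE.has(tag) || isStylesheet) {
      results.push({ tag, url: url.href, kind: "active" });
    }
    // Anything else (such as <a href>) is navigation, not mixed content.
  }
  return results;
}

for (const r of findMixedContent("https://community.example.test/discussions/", SAMPLE_HTML)) {
  console.log(`${r.kind.padEnd(7)} <${r.tag}> ${r.url}`);
}
```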
Originally posted by BFeely:
Originally posted by Shiki Ryougi:
many site features can be disabled using a https server over http, I know for facebook it breaks the whole ♥♥♥♥♥♥♥♥ site.
I believe Facebook requires https these days; they did so in response to the "Firesheep" hacking tool.
Yes, Facebook is fully supporting HTTPS.
https://transparencyreport.google.com/https/top-sites
Last edited by The End; 4 Sep 2017, 22:45
Oddly enough, my Chrome is saving my login, but only if I go specifically to https://steamcommunity.com - the insecure version is logged out.

It's time Valve Corporation migrate fully to HTTPS, in this day and age there is no excuse anymore. All the major CDN providers support not only HTTPS, but the accelerated HTTP/2 protocol that replaces the old, 90s era HTTP/1.1.
Last edited by Crashed; 16 Sep 2017, 9:47
Did you try to restart your acc with Firefox instead of the app? Maybe this is the solution for your problem but I'm not 100% sure. Maybe somebody else has a solution for this problem.
Originally posted by SABATON:
Did you try to restart your acc with Firefox instead of the app? Maybe this is the solution for your problem but I'm not 100% sure. Maybe somebody else has a solution for this problem.
Why? I think of it as a reminder to put on HTTPS. I could nuke my cookies and reset the whole thing, or Chrome may block the http side again the moment it sees it can do https.
Originally posted by __:
I started typing in the Community, using Chrome dev, and all of a sudden my Omnibox (Chrome Address Bar/Search Bar) popped up "Not Secure" - the Flags are in line with the upcoming Chrome feature described at https://blog.sucuri.net/2017/08/google-warning-text-input-forms-october-https-ssl.html and other news outlets.

I check my HTTPS Everywhere add-on which until recently was faithfully upgrading my Steamcommunity.com experience to https://steamcommunity.com however it is no longer listed.

Did Valve force HTTPS Everywhere to stop upgrading the Steam Community?

Posting this with "Valve Corp. [US]" in the Omnibox as I forcefully upgraded my connection.

Date posted: 3 Sep 2017, 20:01
Posts: 13