27 Jan
2016
27 Jan
'16
9:57 p.m.
Argh. Ignore my previous email. Somehow instead of cancelling, I managed to send it instead :-( I replied to the wrong thing. Andrew Pam via luv-main <luv-main@luv.asn.au> writes:
Actually it looks like that's not the main reason for the warnings - the bigger issue is that images are being served via http rather than https which means the pages are not regarded as fully secure.
Actually this is particularly bad because it means cookies including session keys will be sent in the clear. Unless the cookies are marked as secure cookies, which is a really good thing - prevents accidentally leakage of the session cookie. I don't think this is the case however. -- Brian May <brian@linuxpenguins.xyz> https://linuxpenguins.xyz/brian/