Problem/Bug Logging in with https

Discussion in 'Forum Feedback' started by TreeDB, Nov 20, 2014.

Thread Status:
Not open for further replies.
  1. Offline

    TreeDB

    If you attempt to log in with HTTPS, it will redirect you to HTTP, which means any protection SSL has won't be used, as the information is sent to an unencrypted page. I was also wondering if there was a way to make Bukkit always use HTTPS?
     
  2. Offline

    lol768

    You can use a custom HTTPS Everywhere rule:

    Code:
    <ruleset name="Bukkit.org">
      <target host="bukkit.org" />
      <target host="forums.bukkit.org" />
      <rule from="^http://(?:forums\.)?bukkit\.org/" to="https://bukkit.org/" />
    </ruleset>

    Unfortunately that doesn't fix the fact that the site includes a lot of Curse assets for the footer/header bar which are hardcoded to load over HTTP. Best way to stop these loading is to use something like ABP and block the following elements (alternatively a user script to rewrite them could work):

    bukkit.org###netbar.t-netbar.u-icon.u-icon-z
    bukkit.org###footer.main.t-footer.u-icon.u-icon-a.group

    We're not done yet though! The site also ends up loading (over HTTP) what looks like some JavaScript for marketing purposes. I haven't spent a ton of time looking at what the code does but it doesn't look very useful so we'll block it too. Just the URL in your ad blocker's filters should deal with it:

    http://cdm.cursecdn.com/js/bukkit/cdmfactorem_min.js

    Finally there's the issue of Gravatar. Unfortunately I can't see a quick way to solve this one (which isn't destructive and results in avatars being hidden) but a user script that runs on page load could do the trick:

    Code:
    $("span.img").each(function() {
        $(this).css("background-image",$(this).css("background-image").replace("http://www.gravatar.com", "//gravatar.com"));
    });

    It's disappointing users have to go to these lengths to browse the site securely. Hopefully @Kaelten or someone else from Curse can look into whether solving this is feasible?
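
An added example, not part of lol768's post and not Bukkit or Curse code: a small JavaScript audit that takes saved page markup, lists the subresources still requested over plain HTTP (the mixed content described in the post above), and marks each one for upgrade or blocking. The sample markup, the avatar path, the function names and the assumption that only www.gravatar.com is known to serve HTTPS are constructed for illustration.

```javascript
// Added example: audit saved markup for mixed content (HTTP subresources
// on a page that is meant to be served over HTTPS).
// Regex scanning is a simplification that suits a quick audit, not a parser.

// Constructed sample: one script URL quoted in the thread, one avatar-style
// background image, one HTTPS image and one plain link (not a subresource).
const SAMPLE_HTML = `
<script src="http://cdm.cursecdn.com/js/bukkit/cdmfactorem_min.js"></script>
<span class="img" style="background-image: url('http://www.gravatar.com/avatar/0000?s=48')"></span>
<img src="https://bukkit.org/logo.png">
<a href="http://example.com/">external link</a>`;

// Active content can rewrite the page, so browsers block it on HTTPS pages.
// Every <link> is treated as a stylesheet here (simplifying assumption).
const ACTIVE_TAGS = new Set(["script", "iframe", "link"]);

function findMixedContent(html) {
  const findings = [];
  // 1) src/href on elements that fetch a subresource (<a> is excluded).
  const attrRe = /<(script|iframe|link|img|audio|video|source)\b[^>]*?\b(?:src|href)\s*=\s*["'](http:\/\/[^"']+)["']/gi;
  for (const m of html.matchAll(attrRe)) {
    const tag = m[1].toLowerCase();
    findings.push({ kind: ACTIVE_TAGS.has(tag) ? "active" : "passive", tag, url: m[2] });
  }
  // 2) CSS url(...) references, such as inline background-image avatars.
  const cssRe = /url\(\s*["']?(http:\/\/[^"')\s]+)["']?\s*\)/gi;
  for (const m of html.matchAll(cssRe)) {
    findings.push({ kind: "passive", tag: "css-url", url: m[1] });
  }
  return findings;
}

// Upgrade the scheme only for hosts the caller has verified serve HTTPS;
// everything else is marked for blocking, as the post does with ad-block filters.
function planFixes(findings, httpsHosts) {
  return findings.map((f) => {
    const host = new URL(f.url).hostname;
    return httpsHosts.includes(host)
      ? { ...f, action: "upgrade", to: f.url.replace(/^http:/, "https:") }
      : { ...f, action: "block" };
  });
}

console.log(planFixes(findMixedContent(SAMPLE_HTML), ["www.gravatar.com"]));
```

Unlike the user script in the post, this keeps the original host and only changes the scheme.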
     