Where are the PH Staff? Could it be that they are deliberately avoiding this thread? I note that they are active in other feedback threads.

Where are thou, Racing Pete, Ollie M, PH Dom, Jack Mansfield et al, to assure us that https will be implemented by the end of this month as promised?

randlemarcus

13,528 posts

232 months

[report]

[news]

Tuesday 10th January 2017

While they are copying and pasting the code, could they look at a couple of other bits in the logon page as well? biggrin

Google Chrome said:

Refused to load the script 'data:application/javascript;base64,dmFyIHV0YWc9e2xpbms6ZnVuY3Rpb24oKXt9fQ==' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' http://static.pistonheads.com http://tags.tiqcdn.com/utag/haymarket/pistonheads-...http://ad.crwdcntrl.net http://widgets.getsitecontrol.com http://gscst-84a.kxcdn.com 'unsafe-eval' http://www.google-analytics.com/https://www.google-analytics.com/ ".

head.js:1 Synchronous XMLHttpRequest on the main thread is deprecated because of its detrimental effects to the end user's experience. For more help, check https://xhr.spec.whatwg.org/.
send @ head.js:1
login:1 Refused to load the script 'data:application/javascript;base64,dmFyIHV0YWc9e2xpbms6ZnVuY3Rpb24oKXt9fQ==' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' http://static.pistonheads.com http://tags.tiqcdn.com/utag/haymarket/pistonheads-...http://ad.crwdcntrl.net http://widgets.getsitecontrol.com http://gscst-84a.kxcdn.com 'unsafe-eval' http://www.google-analytics.com/https://www.google-analytics.com/ ".

login:1 Refused to load the image 'data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAACklEQVR4nGMAAQAABQABDQottAAAAABJRU5ErkJggg==' because it violates the following Content Security Policy directive: "img-src *".

feef

5,206 posts

184 months

[report]

[news]

Thursday 12th January 2017

https://business.yell.com/knowledge/why-your-websi...

dmsims

6,539 posts

268 months

[report]

[news]

Friday 13th January 2017

anonymous said:

[redacted]

Really why on earth would you put FQDN's in ?

<link rel="stylesheet" type="text/css" href="http://static.pistonheads.com/3354/Assets/bundles/uhcss.css" />

    <link rel="stylesheet" href="http://static.pistonheads.com/3354/Assets/bundles/idserverstyles.css" />

<!--[if IE 8]><link href='http://static.pistonheads.com/3354/Assets/css/ie8.css' rel='stylesheet' type='text/css' media='all' /><![endif]-->



    <script type="text/javascript" src="http://static.pistonheads.com/3354/Assets/bundles/head.js"></script>
    <script type="text/javascript" src="http://static.pistonheads.com/3354/Assets/bundles/idserverscripts.js"></script>

<script type="text/javascript" src="//tags.tiqcdn.com/utag/haymarket/pistonheads-sso/prod/utag.sync.js"></script>
<script src="http://static.pistonheads.com/3354/Assets/bundles/uhscripts.js" type="text/javascript"></script>

GreigM

6,728 posts

250 months

[report]

[news]

Friday 13th January 2017

dmsims said:

Really why on earth would you put FQDN's in ?

You mean as opposed to relative URLs? I presume it is because www.pistonheads.com is not the same server as static.pistonheads.com, so can't be resolved locally.

I don't really see the problem with that however (apart from the fact that static.pistonheads.com isn't https either).

feef

5,206 posts

184 months

[report]

[news]

Friday 13th January 2017

dmsims said:

anonymous said:

[redacted]

Really why on earth would you put FQDN's in ?

<link rel="stylesheet" type="text/css" href="http://static.pistonheads.com/3354/Assets/bundles/uhcss.css" />

    <link rel="stylesheet" href="http://static.pistonheads.com/3354/Assets/bundles/idserverstyles.css" />

<!--[if IE 8]><link href='http://static.pistonheads.com/3354/Assets/css/ie8.css' rel='stylesheet' type='text/css' media='all' /><![endif]-->



    <script type="text/javascript" src="http://static.pistonheads.com/3354/Assets/bundles/head.js"></script>
    <script type="text/javascript" src="http://static.pistonheads.com/3354/Assets/bundles/idserverscripts.js"></script>

<script type="text/javascript" src="//tags.tiqcdn.com/utag/haymarket/pistonheads-sso/prod/utag.sync.js"></script>
<script src="http://static.pistonheads.com/3354/Assets/bundles/uhscripts.js" type="text/javascript"></script>

What's to say the code isn't being generated dynamically?

768

13,706 posts

97 months

[report]

[news]

Friday 13th January 2017

Does that make a difference?

Tankrizzo

7,278 posts

194 months

[report]

[news]

Friday 13th January 2017

feef said:

What's to say the code isn't being generated dynamically?

Given what we know about the failings of the current site, and it's written in Classic, I'd find that highly unlikely.

dmsims

6,539 posts

268 months

[report]

[news]

Friday 13th January 2017

feef said:

dmsims said:

anonymous said:

[redacted]

Really why on earth would you put FQDN's in ?

<link rel="stylesheet" type="text/css" href="http://static.pistonheads.com/3354/Assets/bundles/uhcss.css" />

    <link rel="stylesheet" href="http://static.pistonheads.com/3354/Assets/bundles/idserverstyles.css" />

<!--[if IE 8]><link href='http://static.pistonheads.com/3354/Assets/css/ie8.css' rel='stylesheet' type='text/css' media='all' /><![endif]-->



    <script type="text/javascript" src="http://static.pistonheads.com/3354/Assets/bundles/head.js"></script>
    <script type="text/javascript" src="http://static.pistonheads.com/3354/Assets/bundles/idserverscripts.js"></script>

<script type="text/javascript" src="//tags.tiqcdn.com/utag/haymarket/pistonheads-sso/prod/utag.sync.js"></script>
<script src="http://static.pistonheads.com/3354/Assets/bundles/uhscripts.js" type="text/javascript"></script>

What's to say the code isn't being generated dynamically?

Is that a serious question? rofl