Neocities Goes HTTPS (January 2017)

On News Years Day 2017, all subdomain websites on Neocities would switch from using HTTP (Hypertext Transfer Protocol), to that of HTTPS (Hypertext Transfer Protocol Secure). HTTPS is an extension of the HTTP for secure communication over a computer network, and is widely used on the Web. In HTTPS, the communication protocol is encrypted using Transport Layer Security (TLS), or formerly, its predecessor, Secure Sockets Layer (SSL). The protocol is therefore also often referred to as HTTP over TLS, or HTTP over SSL.

Neocities switching to HTTPS was first announced in November of 2016, on The Neocities Blog. Owner of Neocities, Kyle Drake, wrote on the blog that Neocities is switching to HTTPS as to;

[P]rotect your users, it's critical that we switch to default encryption and make it harder to violate your user's privacy.

In addition, search engines have recently said they will start penalizing unencrypted sites in search results, meaning that without default SSL, your site will be less likely to show up on search results. We obviously don't want that to happen, so that is another large motivator.

The process of updating all websites to HTTPS took around five days to complete.

Because of Neocites switching to HTTPS, some resources loaded over HTTP (images, JavaScript, CSS, music, iframes, etc) would no longer work. This issue was noted by American Neocities' member, JeremyRedhead, who in early January 2017, in an E-Mail posted on NeoMail, wrote a how to guide for how people should deal with this possible issue;

Hello all, this is Jeremy here.

As you all probably now know, all Neocities sites default to HTTPS, i.e, unless you're using a very old browser that doesn't understand HSTS, it is now basically impossible to load your site over the (insecure) HTTP protocol. Although this is probably a good thing in the long run, as mentioned on the Neocities blog, it will break some sites the way they're currently set up, maybe even yours. However -- Don't panic! I'm here to help  :) Step 1:
Find and identify any resources (images, javascript, css, music, iframes, etc) loaded over http. Note that this also includes insecure links that open in frames.

Example: <img src="">

Note that the most important changes you must make are to javascript, css, iframes, and "frame-links". Images and music will still sometimes be loaded over http, albeit often with a complaint from the browser.
However, browsers WILL NOT load any insecure javascript, css, or sites in iframes.
So focus your efforts there first!

Step 2:
Anything hosted on another site that supports https, just change the protocol to either https, or "relative", which loads based on the protocol the page is being used over.
If it's another neocities site, this should be easy!

Example of https: <img src="">
Example of relative: <img src="//">

If the site doesn't support https, you can do a couple different things:

If the resource is, for example, something that's intended to be shared, or in the public domain like a 88x31 button gif, you can probably safely download and re-host it on your site
Example before: <img src="">
Example after: <img src="/noclick.gif">

If the resource is very large, or you don't think you're allowed to re-host it, like music or propriety javascript, then you can try saving/hosting it in the Internet Archive, which supports https. Unfortunately, it also obeys robots.txt, so this might not always work.
There are also a variety of music and other anonymous file hosting services, so trying googling around some too.

Finally, if you have a link that opens in a frame that doesn't support https, just open it in a new tab! :)

Step 3:
There is no no step three!
Congratulations, you're done! :D
See, that wasn't that hard.

Please feel free to share this, I am releasing it under the Creative Commons Attribution License.

Thank you for reading!


II. 3 June 2017 @ 21:02 - Same Old Crap [Written on the 1st][Written%20on%20the%201st]

III. NeoMail -- Neocities defaulting to https

III. IMPORTANT: We're switching to default SSL (HTTPS). Here's what you need to know.

This page was last updated: 08/09/2018 @ 00:09

In total this page has had 0 updates since it was uploaded.