If
https://hashcat.net is used instead of the HTTP version, the image verification breaks as it's transmitted over HTTP and most browsers block insecure content.
This is an issues since there are now Hashcat rules in the https-everywhere extension. Also, Google plans on removing the Load Insecure Content option from future builds of Chrome, at least according to this video:
https://www.youtube.com/watch?v=LBbCec4Bp10
(02-14-2013, 03:42 AM)Mangix Wrote: [ -> ]If https://hashcat.net is used instead of the HTTP version, the image verification breaks as it's transmitted over HTTP and most browsers block insecure content.
This is an issues since there are now Hashcat rules in the https-everywhere extension. Also, Google plans on removing the Load Insecure Content option from future builds of Chrome, at least according to this video: https://www.youtube.com/watch?v=LBbCec4Bp10
Images should all be passed via HTTPS unless it is user supplied from HTTP. Where are you getting the non-compliant warnings from?
radix, the captcha on the registration page is hard-coded to load over http.
Code:
<iframe src="https://www.google.com/recaptcha/api/noscript?k=6LcF6LsSAAAAABUq1MwV0V7SOqarspAx03O1sopC" height="300" width="500" frameborder="0"></iframe>
this causes it not to be displayed when loading over https.
Ah fair enough, missed the "on registration" part
Should be good now, please verify.
I registered a junk account and works perfectly. Thanks!