The title explains it well, why is there a “not secure” icon in the discussion forums? Is Scratch unsafe? I've been wondering why for 2 months now.

Because Cubeupload now supports HTTPS but still gives you HTTP by default. Therefore, Scratch has to make an unsecure connection.

-InsanityPlays- wrote:

Because Cubeupload now supports HTTPS but still gives you HTTP by default. Therefore, Scratch has to make an unsecure connection.

So http websites give you unsecure connections, and cubeupload gives you http by default, so that's why it says that? What if there's no signature or post with a picture from cubeupload? So Scratch IS safe right?

MTM828 wrote:

-InsanityPlays- wrote:

Because Cubeupload now supports HTTPS but still gives you HTTP by default. Therefore, Scratch has to make an unsecure connection.

So http websites give you unsecure connections, and cubeupload gives you http by default, so that's why it says that? What if there's no signature or post with a picture from cubeupload? So Scratch IS safe right?

Cubeupload isn't actually bad, it just shows an insecure connection. But Malwarebytes and AVG might not be happy.

MTM828 wrote:

-InsanityPlays- wrote:

Because Cubeupload now supports HTTPS but still gives you HTTP by default. Therefore, Scratch has to make an unsecure connection.

So http websites give you unsecure connections, and cubeupload gives you http by default, so that's why it says that? What if there's no signature or post with a picture from cubeupload? So Scratch IS safe right?

Yes, Scratch itself is safe. It's only the CubeUpload images that are transmitted over an insecure connection.

Originally, it is secure, as shown in the picture below.

Now, I had an unsecured picture in http, it is now insecure.
Don't worry, I would make them secure again by making it https.

Ah Ok. Thanks for the help.

Then what do you call this? Is this because wiki editors can change pictures?

MTM828 wrote:

Then what do you call this? Is this because wiki editors can change pictures?

Probably cause the picture of the cat in the floaty was supported by a http connection.

MTM828 wrote:

Then what do you call this? Is this because wiki editors can change pictures?

According to the browser console, it's because someone put in an image from "http://images3.wikia.nocookie.net/runescape/images/b/b4/Gradient-1pixel-vertical.png“ - notice the ”http“. If you have a Wiki account you can fix this by changing the ”http“ to ”https".

Flowermanvista wrote:

MTM828 wrote:

Then what do you call this? Is this because wiki editors can change pictures?

According to the browser console, it's because someone put in an image from "http://images3.wikia.nocookie.net/runescape/images/b/b4/Gradient-1pixel-vertical.png“ - notice the ”http“. If you have a Wiki account you can fix this by changing the ”http“ to ”https".

Oh yeah,looks like I was wrong.

60 second rule is *:<

Flowermanvista wrote:

MTM828 wrote:

Then what do you call this? Is this because wiki editors can change pictures?

According to the browser console, it's because someone put in an image from "http://images3.wikia.nocookie.net/runescape/images/b/b4/Gradient-1pixel-vertical.png“ - notice the ”http“. If you have a Wiki account you can fix this by changing the ”http“ to ”https".

Oh so it's the same reason? Good thing I have a wiki account, although I just made it yesterday so I'm new, so if I change it to https it won't affect the picture but fix the not secure sign and I won't get into any trouble?

Flowermanvista wrote:

MTM828 wrote:

Then what do you call this? Is this because wiki editors can change pictures?

According to the browser console, it's because someone put in an image from "http://images3.wikia.nocookie.net/runescape/images/b/b4/Gradient-1pixel-vertical.png“ - notice the ”http“. If you have a Wiki account you can fix this by changing the ”http“ to ”https".

I changed it to https but the warning won't disappear.

pavcato wrote:

Flowermanvista wrote:

MTM828 wrote:

Then what do you call this? Is this because wiki editors can change pictures?

According to the browser console, it's because someone put in an image from "http://images3.wikia.nocookie.net/runescape/images/b/b4/Gradient-1pixel-vertical.png“ - notice the ”http“. If you have a Wiki account you can fix this by changing the ”http“ to ”https".

I changed it to https but the warning won't disappear.

According to the browser console it's still being loaded. Odd…

Flowermanvista wrote:

pavcato wrote:

Flowermanvista wrote:

MTM828 wrote:

Then what do you call this? Is this because wiki editors can change pictures?

According to the browser console, it's because someone put in an image from "http://images3.wikia.nocookie.net/runescape/images/b/b4/Gradient-1pixel-vertical.png“ - notice the ”http“. If you have a Wiki account you can fix this by changing the ”http“ to ”https".

I changed it to https but the warning won't disappear.

According to the browser console it's still being loaded. Odd…

Now this is getting creepy… it's probably not an attacker but something wrong with the server or something, that's at least what I think it is. And by the way I don't even know what a browser console is! :p

It's your signature. The image in your signature is using HTTP.

ignore this

I found the issue. It's not on the page and it's not caused by any template. Instead, it's caused by a skin that is seemingly called “scratchwikiskin2”, which statically links to "http://images1.wikia.nocookie.net/runescape/images/1/14/Gradient-1pixel-horizontal.png“ and ”http://images3.wikia.nocookie.net/runescape/images/b/b4/Gradient-1pixel-vertical.png“ to generate gradients - thus, both a horizontal and vertical gradient effect would cause the ”not secure“ warning. If a high-privileged person on the Wiki was able to edit this skin (I do not have a Wiki account and I know little about how these technical intricacies work), they can easily fix the issue by changing the ”http“ to ”https" where they are referenced.

I discovered this with a few minutes of digging in the Inspect Element dev tools. Here is the CSS file generated by the offending skin, in case it may be of any help:

https://en.scratch-wiki.info/w/load.php?debug=false&lang=en&modules=site.styles&only=styles&skin=scratchwikiskin2

Why would the gradients be from Runescape?

Flowermanvista wrote:

I found the issue. It's not on the page and it's not caused by any template. Instead, it's caused by a skin that is seemingly called “scratchwikiskin2”, which statically links to "http://images1.wikia.nocookie.net/runescape/images/1/14/Gradient-1pixel-horizontal.png“ and ”http://images3.wikia.nocookie.net/runescape/images/b/b4/Gradient-1pixel-vertical.png“ to generate gradients - thus, both a horizontal and vertical gradient effect would cause the ”not secure“ warning. If a high-privileged person on the Wiki was able to edit this skin (I do not have a Wiki account and I know little about how these technical intricacies work), they can easily fix the issue by changing the ”http“ to ”https" where they are referenced.

I discovered this with a few minutes of digging in the Inspect Element dev tools. Here is the CSS file generated by the offending skin, in case it may be of any help:

https://en.scratch-wiki.info/w/load.php?debug=false&lang=en&modules=site.styles&only=styles&skin=scratchwikiskin2

fdreerf wrote:

Why would the gradients be from Runescape?

Uuugh.. so what do I do? I'm a new wikian so yeah I can't do that thing, bt I think Bigpuppy is so you can tell him. And I didn't understand a word you just said xD I'm bad at that kind of stuff. :p