VGMdb is now available for browsing through a private, encrypted connection at https://vgmdb.net !

With over half of Internet traffic now secured through SSL/TLS, and browsers starting to hold non-secure sites accountable, implementing HTTPS protection is now a necessity.

During the initial phase you may run into bad redirects to the non-https site or mixed content warnings; please report them so we can get it fixed. Once it's verified that everything is working well, we can turn on HSTS and enforce secure browsing by default.

RSS feeds give out HTTP links when accessed over HTTPS:

https://vgmdb.net/db/rss.php
https://vgmdb.net/album/new/feed
https://vgmdb.net/album/upcoming/feed
https://vgmdb.net/artist/1/feed

I don't know how many others there are lying around

To be honest HSTS is quite a hassle I'd only do as a final step. Just forcible upgrading every access to https and getting a better TLS security rating is sufficient.

Thanks for the efforts in any case!

I guess then a few other HTTPS issues have to be addressed as well:
- first redirection when entering a new shop link with https prefix
- Amazon Japan shop link filtering if the link has https prefix

I've just added a link here, and both the first direction fails, and the Link shows up on the album page (which it shouldn't).

To be honest, I'd rather not be redirected at all when adding shop links. It's annoying.

The links in the RSS feeds have been fixed.

The shop links code will need some refactoring. The redirection was originally for visual confirmation that the link works, but we can make this a background job.

First (automatic) redirection to a https shop link is always failing, not something which happens on VGMdb https site version only (clarifying that just in case).

Also noting that every Amazon link (not exclusive to Japan ones) will be shown on the album page if entered with https. About the filtering in the first place though, isn't it perhaps time to stop it? More than five years passed since the incident (closer to six actually) and some of us are regularly adding (visible) Amazon links with no problems whatsoever.

All images (album images, preview, front, etc..) have stopped showing up on Win XP SP3 (while browing with either http or https).
The rest of the site still works perfectly fine using https.
Hoping there's a solution..

I have no idea how it works or how to do it, but can you make http:// automatically redirect to https:// when hitting regular http:// URLs? I usually access the site by typing "vgmd" in Chrome omnibar and then hitting down arrow + enter to hit the first cache result, which is vgmdb.net/forums/search.php?do=getnew. Or by typing "vgmdb.net search criteria" to automatically start a search.

I think most websites do this automatically because it's never anything I have to think about. For example, if I manually type "http://www.paypal.com", I get automatically redirected to https:. I assume websites have some sort of "you're using a client that supports https so we're going to serve that to you automatically" thing, but :shrug:

dancey: that's essentially what HSTS is for. So once they've confirmed that links are working properly, Gigablah will enable it and the site should start redirecting non-secure connections to https://

media.vgm.io (and sibling subdomains) are proxied by Cloudflare. Apparently the free plan doesn't have SHA-1 fallback for older browsers (e.g. those on Win XP): https://support.cloudflare.com/hc/en...rowser-Support

I've upgraded to a monthly paid plan. Please let me know if that fixes images on your side.


Yep, that's indeed what I plan to do, after the legacy browser issue is confirmed fixed.

I think I'll be using redirect rules, though. HSTS can screw up the site if it's not done properly.

Absolutely, the images are back!
Thank you very much.
(So now the site works also 100% with https on legacy browsers / XP)

Any update on this? It is, at least as of this posting, still http and not using HSTS.

I will not be turning on HSTS at this time, but I will turn on HTTPS redirection soon (aiming for this weekend).

Since there are users on legacy browser versions or operating systems (XP) who may have issues with HTTPS, the non-HTTP site will still be available as a fallback.

This is your fault, Alcahest.

Well I'm not sure I've already reported everything works ok on https / XP now that the images are fixed.