It's 2016 and Emby (Community) still doesn't use proper TLS.
- This page has an Qualys SSL Labs rating of F (this should be A or A+)
- Most links on this page redirect back to HTTP
- Most pages are only partially HTTPS
- You can't login securely without editing the form manually
- You can't register securely without editing the form manually
- You can't post in the forum securely without editing the form manually
- Side note: Your PHP exposes its version freely in your X-Powered-By header
- Also, your plugin catalog images are loaded solely via HTTP. This results in some of them being blocked by modern browsers.
In a year where SSL certificates are free and there is more than enough documentation on securing a TLS connection it's not acceptable for a company trying to sell products for up to 100$ to be this insecure.
I would love to see this done properly.
edit: Also just saw the pinned thread. Feel free to move it in there.
Edited by DomiStyle, 18 August 2016 - 02:55 AM.