I’m planning on introducing SSL some time later this summer for logins. I think that’s a great option for premium users: SSL always on. But I’ve gotta get this mobile app out first. SSL is high on the priority list.
So, how 'bout that SSL?
Got the SSL cert a couple weeks ago. Going to possibly add it as an option, but the issue is that all of the images in feeds will be coming from non-SSL pages. Not really sure what to do about that.
The SSL cert is so I can integrate Stripe.js.
+1 for SSL support! 
Google reader handles the SSL by just letting the “mixed content”/“Partially unencrypted” warning exist. Not everything will be encrypted, since it’s loading content from HTTP only sites. Mixed content doesn’t throw a red flag in the browsers.
I would be a big fan of SSL as well.
Just a friendly heads up, since I ran into the same problem previously: If you access SSL from iOS (even using the built-in NSURLConnection and friends), you need to get an export certificate from the US government. Best to start the process now so you have it in hand when you are ready to submit to the app store. The steps can be found at http://zetetic.net/blog/2009/08/03/ma…
I just saw the blog post about SSL support. Great!
A few notes:
* When I attempt to visit https://newsblur.com in Firefox 10.0.2 I get a certificate error: “The certificate is not trusted because no issuer chain was provided.” Are you using nginx? If so you have to put the issuer’s cert into your cert. See: http://nginx.org/en/docs/http/configu… I’ve had this problem with StartCom certificates on Nginx: http://blog.dob.sk/2009/10/15/startco… . Apparently Apache doesn’t care about the issuer chain.
* Any chance of forcing SSL logins for everyone?
* Any chance of getting an account preference to force SSL for everything?
Just stellar advice. Thanks so much! Fixed the issue by attaching the intermediate certificates to mine. Wasn’t simple, but your links were super helpful.
I’ll go make you an account preference right now.
Excellent!
I also noticed that https://newsblur.com does not redirect to https://www.newsblur.com. I assume that’s a mistake, since that redirect does exist for http.
Actually non-www. no longer redirects to www. I figured users want to choose which to use, which is fine by me. It’ll double up your cookies, but that shouldn’t be an issue for anybody sticking with the same URL.
Awesome! 
I submitted a NewsBlur rule for the Firefox/Chrome plugin HTTPS Everywhere: https://mail1.eff.org/pipermail/https…
It targets http://newsblur.com and http://www.newsblur.com and redirects them both to https://www.newsblur.com. It also forces secure cookies.
I have no idea what the process is for actually getting the rule included in the production version – there seems to be a large backlog of user submitted rules. If anybody wants to use it in the meantime, just save the XML as ~/.mozilla/firefox/[profile]/HTTPSEverywhereUserRules/NewsBlur.xml
Shouldn’t this be marked as completed since it’s been implemented?
I don’t know how to mark a thread as closed here. I don’t pay for Get Satisfaction, so I don’t have much admin ability.
Hey Samuel,
I think GetSatisfaction recently made the admin features free for the first user.
http://blog.getsatisfaction.com/2012/…
Here’s the spot to make this thread closed so other threads (like the “Please read this first” thread) can rise to the top.
http://product.getsatisfaction.com/20…
New preference: automatically redirect to secure https site. Here’s the code: https://github.com/samuelclay/NewsBlu…