If I go to https://mining.bitcoin.cz/ or https://mining.bitcoin.cz/accounts/login/?next=/accounts/profile/ , it stays secure but when I login, the website takes me to my account unencrypted. Could you please implement a certified SSL Server Certificate to your site? Also to stick to HTTPS at any given time connected to mining.bitcoin.cz? Or an option to stay connect securely after logging in?
Hi pekv2,
I worked around this bug with the Firefox extension "HTTPS Everywhere" (https://www.eff.org/https-everywhere). In order to work with the pool's site you have to create a custom ruleset (as described at https://www.eff.org/https-everywhere/rulesets).
For mining.bitcoin.cz it looks like this:
Code:
<ruleset name="mining.bitcoin.cz">
<target host="mining.bitcoin.cz" />
<rule from="^http://mining.bitcoin.cz/" to="https://mining.bitcoin.cz/" />
<securecookie host="^mining\.bitcoin\.cz$" name=".*" />
</ruleset>
Put this in a file called mining.bitcoin.cz.xml in the HTTPSEverywhereUserRules folder in your Firefox profile. After restart you will only ever see https for the site. Also your cookie will be marked as secure and thus only be sent over https. Maybe you have to log out and in again to have this take effect.
HTH