Hosting your game securely

As of November 13, 2017, Kongregate will begin hosting all of its content via SSL. Due to this fact, it may be necessary to alter how your game is hosted and how it requests resources to ensure that it isn't attempting to service insecure assets.

๐Ÿ“˜

Testing your game with SSL

If you want to test how your game will load prior to Kongregate making this switch, you can use the following query string param:

 ?force_ssl_iframe=true

Iframe Games

If you are hosting your game yourself and have selected Iframe as your type of game, you will need to ensure that the URL you have provided can handle requests via https. Enabling this will require acquiring an SSL certificate and enabling it on your hosting service.

๐Ÿ“˜

Let's Encrypt

The industry has recently begun to offer a free, automated, and open Certificate Authority. You can learn more about it by visiting their website, where you can learn more about Certificate Authorities, generate a certificate, and find some helpful steps on how to enable SSL on a variety of platforms.

HTML5/WebGL Games

If you uploaded your game as an HTML5/WebGL game, or are hosting it yourself, the primary concern is to ensure that any external assets are being requested via https. This includes, but is not limited to, the Kongregate API which you can find details on requesting here. Other resources such as stylesheets and external scripts should also be requested explicitly via https as shown in the below examples:

<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta/css/bootstrap.min.css" crossorigin="anonymous">
<script src="https://code.jquery.com/jquery-3.2.1.slim.min.js" crossorigin="anonymous"></script>

๐Ÿ“˜

Chrome Security Tab

Google has included a very powerful feature in Chrome's Developer Tools to assist with debugging security issues on websites, the Security Tab. You can find out more about it in this blog post from Google.