Forced https? ???

[xlibman]

I noticed in Opera 30 and Chrome mobile that CodeWalrus now redirects to https when using http, despite staff not planning to force https. Is that normal? Because that could cause issues with some  public computer or older mobile device users.

[Unicorn]

http://codewalr.us/index.php?topic=629.msg19271#msg19271

Well, that is the url I get when using an old version of chrome that doesn't support omnimaga's form of https. And my kindle still works. Its not a problem for me!

[Snektron]

Maybe its your browser checking if https is avaiable, and if so uses it since its safer?

[gbl08ma]

Two ideas:
1. You aren't using HTTPS Everywhere or anything of that kind, are you? (Kinda hard since you talk about Chrome mobile and AFAIK that doesn't support extensions)
2. Could it have something to do with https://ma.ttias.be/chrome-44-sending-https-header-by-mistake-breaking-web-applications-everywhere/ ? Recent versions of Opera are Chromium-based but I'm finding it strange for the bug to have found its way to Opera so fast...

[xlibman]

Interesting. I am curious if  it could be the latter issue.  I'll have to investigate further I guess.

[utz]

Afaik enforcing https will become default behaviour in most major browsers in the not-too-distant future. So maybe these two already started implementing that?

HTTPS Everywhere is unlikely to be the issue as it doesn't know about codewalrus' https alt (unless you implicitly tell it).

[xlibman]

Ok, so it looks like newer browsers are using HTTPS by default on CW and some other sites now. I just checked the following websites when typing http instead of https and got the following:


-CodeWalrus: IE6 shows the website (obviously with many display issues, but at least it displays at all)
-Omnimaga: IE6 shows error (Page can't be displayed)
-Cemetech: IE6 shows error
-TI-Planet: IE6 shows error

So CW doesn't force the use of HTTPS. Of course IE6 is pretty much useless now but I was more worried about older mobile devices or stuff like Kindles from 2008.


However, I restarted after removing CW from my Opera settings and stuff and now it shows HTTP. Mobile still shows HTTPS by default.

[Unicorn]

Older kindles are fine until there's a 360 redirect force HTTPS thing.

[xlibman]

Can you access Cemetech and Omnimaga from yours, though?

[Unicorn]

Not omnimaga, but cemetech works fine, as well as ti planet.

[Snektron]

Afaik enforcing https will become default behaviour in most major browsers in the not-too-distant future. So maybe these two already started implementing that?

HTTPS Everywhere is unlikely to be the issue as it doesn't know about codewalrus' https alt (unless you implicitly tell it).

Since chrome quite up-to-date i'd guess they've already implemented it. Also, theres probably a check to see if a server supports https.

[Streetwalrus]

Juju perfected the https config and enabled HSTS (https enforcing). That means if your browser supports https then it will use it. Only ancient browsers should dislike it. HSTS was introduced in 2012 so browsers older than that will most likely ignore it so nothing to worry about.

[xlibman]

Not omnimaga, but cemetech works fine, as well as ti planet.

I just checked those three sites on my Samsung i5510 actually (which runs Android 2.2.2) and this is what I got:

-Omnimaga: Doesn't work at all
-Cemetech: Works fine
-TI-Planet: Throws a warning, but works fine

When I still went to Omnimaga, all I had as mobile device was the Samsung i5510, which only supported Android 2.2.2. If the forced HTTPS would have happened back then and that Tapatalk would not have existed, I would have been in a bit of trouble. >.<

[Adriweb]

-TI-Planet: Throws a warning, but works fine

Do you know what warning it was?

[xlibman]

I don't exactly remember what it was, but it was about untrusted certificate and it asked me to accept it. I have the same problem on many other HTTPS website (eg TVA Nouvelles).