Alternatively, join us on Discord.

Forced https? ???

Started by DJ Omnimaga, July 24, 2015, 08:33:25 pm

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

DJ Omnimaga

I noticed in Opera 30 and Chrome mobile that CodeWalrus now redirects to https when using http, despite staff not planning to force https. Is that normal? Because that could cause issues with some  public computer or older mobile device users.

Unicorn

http://codewalr.us/index.php?topic=629.msg19271#msg19271

Well, that is the url I get when using an old version of chrome that doesn't support omnimaga's form of https. And my kindle still works. Its not a problem for me!



??? ??? ??? ??? ???

Snektron

Maybe its your browser checking if https is avaiable, and if so uses it since its safer?
Legends say if you spam more than DJ Omnimaga, you will become a walrus...


gbl08ma

Two ideas:
1. You aren't using HTTPS Everywhere or anything of that kind, are you? (Kinda hard since you talk about Chrome mobile and AFAIK that doesn't support extensions)
2. Could it have something to do with https://ma.ttias.be/chrome-44-sending-https-header-by-mistake-breaking-web-applications-everywhere/ ? Recent versions of Opera are Chromium-based but I'm finding it strange for the bug to have found its way to Opera so fast...

DJ Omnimaga

Interesting. I am curious if  it could be the latter issue.  I'll have to investigate further I guess.

utz

July 24, 2015, 10:47:31 pm #5 Last Edit: July 24, 2015, 10:51:29 pm by utz
Afaik enforcing https will become default behaviour in most major browsers in the not-too-distant future. So maybe these two already started implementing that?

HTTPS Everywhere is unlikely to be the issue as it doesn't know about codewalrus' https alt (unless you implicitly tell it).

DJ Omnimaga

Ok, so it looks like newer browsers are using HTTPS by default on CW and some other sites now. I just checked the following websites when typing http instead of https and got the following:


-CodeWalrus: IE6 shows the website (obviously with many display issues, but at least it displays at all)
-Omnimaga: IE6 shows error (Page can't be displayed)
-Cemetech: IE6 shows error
-TI-Planet: IE6 shows error

So CW doesn't force the use of HTTPS. Of course IE6 is pretty much useless now but I was more worried about older mobile devices or stuff like Kindles from 2008.


However, I restarted after removing CW from my Opera settings and stuff and now it shows HTTP. Mobile still shows HTTPS by default.

Unicorn

Older kindles are fine until there's a 360 redirect force HTTPS thing. :P



??? ??? ??? ??? ???

DJ Omnimaga

Can you access Cemetech and Omnimaga from yours, though?

Unicorn

Not omnimaga, but cemetech works fine, as well as ti planet. ;)



??? ??? ??? ??? ???

Snektron

Quote from: utz on July 24, 2015, 10:47:31 pm
Afaik enforcing https will become default behaviour in most major browsers in the not-too-distant future. So maybe these two already started implementing that?

HTTPS Everywhere is unlikely to be the issue as it doesn't know about codewalrus' https alt (unless you implicitly tell it).

Since chrome quite up-to-date i'd guess they've already implemented it. Also, theres probably a check to see if a server supports https.
Legends say if you spam more than DJ Omnimaga, you will become a walrus...


Streetwalrus

Juju perfected the https config and enabled HSTS (https enforcing). That means if your browser supports https then it will use it. Only ancient browsers should dislike it. HSTS was introduced in 2012 so browsers older than that will most likely ignore it so nothing to worry about. :)

DJ Omnimaga

July 25, 2015, 05:23:40 pm #12 Last Edit: July 25, 2015, 05:25:21 pm by DJ Omnimaga
Quote from: Unicorn on July 25, 2015, 02:53:24 am
Not omnimaga, but cemetech works fine, as well as ti planet. ;)
I just checked those three sites on my Samsung i5510 actually (which runs Android 2.2.2) and this is what I got:

-Omnimaga: Doesn't work at all
-Cemetech: Works fine
-TI-Planet: Throws a warning, but works fine

When I still went to Omnimaga, all I had as mobile device was the Samsung i5510, which only supported Android 2.2.2. If the forced HTTPS would have happened back then and that Tapatalk would not have existed, I would have been in a bit of trouble. >.<

Adriweb

Quote from: DJ Omnimaga on July 25, 2015, 05:23:40 pm-TI-Planet: Throws a warning, but works fine

Do you know what warning it was?
Co-founder & co-administrator of TI-Planet and Inspired-Lua

DJ Omnimaga

I don't exactly remember what it was, but it was about untrusted certificate and it asked me to accept it. I have the same problem on many other HTTPS website (eg TVA Nouvelles).

Powered by EzPortal