[ EPU Foyer ] [ Lab and Grill ] [ Bonus Theater!! ] [ Rhetorical Questions ] [ CSRANTronix ] [ GNDN ] [ Subterranean Vault ] [ Discussion Forum ] [ Gun of the Week ]

Eyrie Productions, Unlimited

Subject: "HTTPS links (was re: WH40K nerdery)"     Previous Topic | Next Topic
Printer-friendly copy    
Conferences The Forum Itself Topic #110
Reading Topic #110
zwol
Member since Feb-24-12
281 posts
Jun-06-22, 12:29 PM (EDT)
Click to EMail zwol Click to send private message to zwol Click to view user profileClick to add this user to your buddy list  
"HTTPS links (was re: WH40K nerdery)"
 
   Kendra Kirai wrote:

> Edit 3 edit harder: Also, your link is broken, with https://http/ being in front

Peeling this off from the WH40K nerdery --

As far as I can tell, it is impossible to mark up a link to an https:// URL on this forum, because the [link:URL|Text] mechanism takes the URL without the scheme and slaps http:// in front of it, no matter what. You can paste an entire https link verbatim, e.g. https://en.wikipedia.org/wiki/Special:Random , but you can't have link text unless the site does HTTP-to-HTTPS redirection for you.

This is becoming increasingly awkward what with the whole web moving to encrypted, but given how old the board software is, I imagine it's not likely to change soon, so, I guess just take this as a PSA?


  Alert | IP Printer-friendly page | Edit | Reply | Reply With Quote | Top

  Subject     Author     Message Date     ID  
  RE: HTTPS links (was re: WH40K nerdery) Gryphonadmin Jun-06-22 1
     RE: HTTPS links (was re: WH40K nerdery) Moonsword Jun-06-22 2
         RE: HTTPS links (was re: WH40K nerdery) zwol Jun-07-22 5
     RE: HTTPS links (was re: WH40K nerdery) Senji Jun-07-22 3
  RE: HTTPS links (was re: WH40K nerdery) Kendra Kirai Jun-07-22 4

Conferences | Topics | Previous Topic | Next Topic
Gryphonadmin
Charter Member
21494 posts
Jun-06-22, 12:59 PM (EDT)
Click to EMail Gryphon Click to send private message to Gryphon Click to view user profileClick to add this user to your buddy list  
1. "RE: HTTPS links (was re: WH40K nerdery)"
In response to message #0
 
   >This is becoming increasingly awkward what with the whole web moving
>to encrypted, but given how old the board software is, I imagine it's
>not likely to change soon, so, I guess just take this as a PSA?

Do not websites redirect incoming http:// requests to HTTPS if they won't serve them clear? It seems like that should have been an automatic requirement for the changeover, but what do I know, I got out of that business decades ago.

Regardless, yeah, I suspect that's not fixable.

--G.
-><-
Benjamin D. Hutchins, Co-Founder, Editor-in-Chief, & Forum Mod
Eyrie Productions, Unlimited http://www.eyrie-productions.com/
zgryphon at that email service Google has
Ceterum censeo Carthaginem esse delendam.


  Alert | IP Printer-friendly page | Edit | Reply | Reply With Quote | Top
Moonsword
Member since Mar-15-22
8 posts
Jun-06-22, 09:03 PM (EDT)
Click to EMail Moonsword Click to send private message to Moonsword Click to view user profileClick to add this user to your buddy list  
2. "RE: HTTPS links (was re: WH40K nerdery)"
In response to message #1
 
   >Do not websites redirect incoming http:// requests to HTTPS if they
>won't serve them clear? It seems like that should have been an
>automatic requirement for the changeover, but what do I know, I got
>out of that business decades ago.
>
>Regardless, yeah, I suspect that's not fixable.
>
>--G.

Most sites do but it's not built into the protocol itself as far as I'm aware. Probably some of the site hosts and such have gotten smarter over time on the public-facing Internet. At the office, there are sites internally we just don't serve over HTTP and the network appliance won't connect you to if you don't come in with the right protocol. The public facing side is programmed to be more user-friendly.


  Alert | IP Printer-friendly page | Edit | Reply | Reply With Quote | Top
zwol
Member since Feb-24-12
281 posts
Jun-07-22, 11:59 AM (EDT)
Click to EMail zwol Click to send private message to zwol Click to view user profileClick to add this user to your buddy list  
5. "RE: HTTPS links (was re: WH40K nerdery)"
In response to message #2
 
   >>(G) Do not websites redirect incoming http:// requests to HTTPS if they
>>won't serve them clear?
>
> (M) Most sites do but it's not built into the protocol itself as
>far as I'm aware.

This is also my understanding.

The scenario that worries me most, with regard to the limitations of DCForum, is not "http://foo.example/ and https://foo.example/ are two different sites" (because everyone with half an ounce of sense can see that that's a silly thing to do) but rather "https://foo.example/ exists, http://foo.example/ doesn't." Or, at the level of server configuration, foo.example is listening on port 443 but not port 80. I'm imagining this being more and more likely as time goes by and use of cleartext protocols becomes more and more discouraged. At some point, it's going to seem like unnecessary additional attack surface to have that port 80 listener, even if all it ever does is issue redirects to the https version of the site.

>> (G) Regardless, yeah, I suspect that's not fixable.

Perhaps enough has been said on the subject, then.


  Alert | IP Printer-friendly page | Edit | Reply | Reply With Quote | Top
Senji
Member since Apr-27-07
210 posts
Jun-07-22, 05:13 AM (EDT)
Click to EMail Senji Click to send private message to Senji Click to view user profileClick to add this user to your buddy list  
3. "RE: HTTPS links (was re: WH40K nerdery)"
In response to message #1
 
   >Do not websites redirect incoming http:// requests to HTTPS if they
>won't serve them clear? It seems like that should have been an
>automatic requirement for the changeover, but what do I know, I got
>out of that business decades ago.
>
HTTPS is so old that people still thought it was a sensible use of scarce resources to treat https://example.com/ as an entirely different namespace to http://example.com/ ; and the idea that everything should be served over https didn't come around until a lot more recently at which point it was too late to insist it was just http only with extra encryption on top.

Basically "we fucked up again", story of the internet it seems :-D

L.


  Alert | IP Printer-friendly page | Edit | Reply | Reply With Quote | Top
Kendra Kirai
Member since May-22-16
182 posts
Jun-07-22, 06:21 AM (EDT)
Click to EMail Kendra%20Kirai Click to send private message to Kendra%20Kirai Click to view user profileClick to add this user to your buddy list  
4. "RE: HTTPS links (was re: WH40K nerdery)"
In response to message #0
 
   Looks like I may have have also flipped the protocols around in my haste and tiredness, so, sorry about that. :3 I didn't actually pay close attention, I just saw that the forum converted the *entire* URL to link by adding another layer and guessed which order was correct.


  Alert | IP Printer-friendly page | Edit | Reply | Reply With Quote | Top

Conferences | Topics | Previous Topic | Next Topic

[ YUM ] [ BIG ] [ ??!? ] [ RANT ] [ GNDN ] [ STORE ] [ FORUM ] GOTW ] [ VAULT ]

version 3.3 © 2001
Eyrie Productions, Unlimited
Benjamin D. Hutchins
E P U (Colour)