|
Eyrie Productions, Unlimited
zwol
Member since Feb-24-12
281 posts |
Jun-06-22, 12:29 PM (EDT) |
|
"HTTPS links (was re: WH40K nerdery)"
|
Kendra Kirai wrote: > Edit 3 edit harder: Also, your link is broken, with https://http/ being in front Peeling this off from the WH40K nerdery -- As far as I can tell, it is impossible to mark up a link to an https:// URL on this forum, because the [link:URL|Text] mechanism takes the URL without the scheme and slaps http:// in front of it, no matter what. You can paste an entire https link verbatim, e.g. https://en.wikipedia.org/wiki/Special:Random , but you can't have link text unless the site does HTTP-to-HTTPS redirection for you. This is becoming increasingly awkward what with the whole web moving to encrypted, but given how old the board software is, I imagine it's not likely to change soon, so, I guess just take this as a PSA? |
|
Alert | IP |
Printer-friendly page | Edit |
Reply |
Reply With Quote | Top |
|
|
Gryphon
Charter Member
21494 posts |
Jun-06-22, 12:59 PM (EDT) |
|
1. "RE: HTTPS links (was re: WH40K nerdery)"
In response to message #0
|
>This is becoming increasingly awkward what with the whole web moving >to encrypted, but given how old the board software is, I imagine it's >not likely to change soon, so, I guess just take this as a PSA? Do not websites redirect incoming http:// requests to HTTPS if they won't serve them clear? It seems like that should have been an automatic requirement for the changeover, but what do I know, I got out of that business decades ago. Regardless, yeah, I suspect that's not fixable. --G. -><- Benjamin D. Hutchins, Co-Founder, Editor-in-Chief, & Forum Mod Eyrie Productions, Unlimited http://www.eyrie-productions.com/ zgryphon at that email service Google has Ceterum censeo Carthaginem esse delendam. |
|
Alert | IP |
Printer-friendly page | Edit |
Reply |
Reply With Quote | Top |
|
|
|
|
|
zwol
Member since Feb-24-12
281 posts |
Jun-07-22, 11:59 AM (EDT) |
|
5. "RE: HTTPS links (was re: WH40K nerdery)"
In response to message #2
|
>>(G) Do not websites redirect incoming http:// requests to HTTPS if they >>won't serve them clear? > > (M) Most sites do but it's not built into the protocol itself as >far as I'm aware.This is also my understanding. The scenario that worries me most, with regard to the limitations of DCForum, is not "http://foo.example/ and https://foo.example/ are two different sites" (because everyone with half an ounce of sense can see that that's a silly thing to do) but rather "https://foo.example/ exists, http://foo.example/ doesn't." Or, at the level of server configuration, foo.example is listening on port 443 but not port 80. I'm imagining this being more and more likely as time goes by and use of cleartext protocols becomes more and more discouraged. At some point, it's going to seem like unnecessary additional attack surface to have that port 80 listener, even if all it ever does is issue redirects to the https version of the site. >> (G) Regardless, yeah, I suspect that's not fixable. Perhaps enough has been said on the subject, then. |
|
Alert | IP |
Printer-friendly page | Edit |
Reply |
Reply With Quote | Top |
|
|
|
version 3.3 © 2001
Eyrie Productions,
Unlimited
Benjamin
D. Hutchins
E P U (Colour)
|