Can you make sure the website always forces https/ssl?

All suggestions about TPFC should be posted here. Discussions about changes to TPFC will also be carried out here.
Post Reply
Message
Author
lwc
Posts: 91
Joined: Tue Jun 26, 2012 10:40 pm
Contact:

Can you make sure the website always forces https/ssl?

#1 Post by lwc » Fri May 01, 2020 11:44 am

While http://portablefreeware.com does a simple redirection to the https version of the website, http://www.portablefreeware.com does not.
As result, everyone that uses it browses the site in a non secure way.
It's hard to trace because it seems sometimes the browser catches up and adds https.

I just know many times I see this site in a non secure way because I type portablefreeware and hit ctrl+enter to enter it in my browser.
Please make sure no matter what https is always used.
Attachments
without www.png
with www.png
My apps' developments:

freakazoid
Posts: 1018
Joined: Wed Jul 18, 2007 5:45 pm

Re: Can you make sure the website always forces https/ssl?

#2 Post by freakazoid » Fri May 01, 2020 1:45 pm

If you use Firefox, use HTTPZ. That will automatically redirect you to HTTPS all the time and is more lightweight than HTTPS Everywhere.
is it stealth? ;)

lwc
Posts: 91
Joined: Tue Jun 26, 2012 10:40 pm
Contact:

Re: Can you make sure the website always forces https/ssl?

#3 Post by lwc » Fri May 01, 2020 2:14 pm

freakazoid wrote:
Fri May 01, 2020 1:45 pm
If you use Firefox, use HTTPZ. That will automatically redirect you to HTTPS all the time and is more lightweight than HTTPS Everywhere.
Thanks for the tip (I didn't know about that alternative plugin), but since doing what's morally right is obviously not enough, Google and others have declared war on http.
Every time it's found there are repercussions - from damaged SEO (and futuristic removal from search engines) to warnings (and futuristic blockage) from browsers.
My apps' developments:

User avatar
Midas
Posts: 5415
Joined: Mon Dec 07, 2009 7:09 am
Location: Sol3

Re: Can you make sure the website always forces https/ssl?

#4 Post by Midas » Sat May 02, 2020 4:07 pm

I agree consistency is important here and I second lwc on this.

OTOH, I'd like to retain the possibility of browsing non-secure sites if I so wish. User discretion is paramount.

User avatar
Andrew Lee
Posts: 2437
Joined: Sat Feb 04, 2006 9:19 am
Contact:

Re: Can you make sure the website always forces https/ssl?

#5 Post by Andrew Lee » Sun May 03, 2020 1:45 am

Fixed. Thanks for bringing this to my attention!

vevy
Posts: 483
Joined: Tue Sep 10, 2019 11:17 am

Re: Can you make sure the website always forces https/ssl?

#6 Post by vevy » Sun May 03, 2020 6:02 am

While we are at it, I have the following scenario:
- I force HTTPS (extension)
- Open the main site (not the forum), the click Login.
- Enter credentials
- You are given the message: "Tried to redirect to potentially insecure url."
I do NOT have other accounts.

User avatar
Andrew Lee
Posts: 2437
Joined: Sat Feb 04, 2006 9:19 am
Contact:

Re: Can you make sure the website always forces https/ssl?

#7 Post by Andrew Lee » Sun May 03, 2020 8:41 pm

vevy wrote:
Sun May 03, 2020 6:02 am
While we are at it, I have the following scenario:
- I force HTTPS (extension)
- Open the main site (not the forum), the click Login.
- Enter credentials
- You are given the message: "Tried to redirect to potentially insecure url."
Does this still happen after my fix above? I can't reproduce this since the redirection should now be HTTPS.

vevy
Posts: 483
Joined: Tue Sep 10, 2019 11:17 am

Re: Can you make sure the website always forces https/ssl?

#8 Post by vevy » Tue May 05, 2020 6:59 am

Andrew Lee wrote:
Sun May 03, 2020 8:41 pm
Does this still happen after my fix above? I can't reproduce this since the redirection should now be HTTPS.
I found out that the issue happens if the URL where you click "Login" ends with an ampersand (For example: https://www.portablefreeware.com/?p=2&). When post-login redirection happens, it produces this message.

An extension of mine was causing the addition of "&" at the end. I made a workaround to resolve the redirection issue but I can't figure out how to solve it completely without losing the extension functionality.
I do NOT have other accounts.

User avatar
Andrew Lee
Posts: 2437
Joined: Sat Feb 04, 2006 9:19 am
Contact:

Re: Can you make sure the website always forces https/ssl?

#9 Post by Andrew Lee » Wed May 06, 2020 6:07 pm

What extension is that, and what browser are you using?

I need to replicate your setup so that I can have a chance of reproducing the problem.

vevy
Posts: 483
Joined: Tue Sep 10, 2019 11:17 am

Re: Can you make sure the website always forces https/ssl?

#10 Post by vevy » Fri May 08, 2020 5:45 am

No need. Just go to: https://www.portablefreeware.com/?p=2& and click login
(or simply go to ucp.php?mode=login&redirect=%2F%3Fp%3D2%26amp%3B)
and then login.

I reproduced it on both Chrome and Firefox.
I do NOT have other accounts.

User avatar
Andrew Lee
Posts: 2437
Joined: Sat Feb 04, 2006 9:19 am
Contact:

Re: Can you make sure the website always forces https/ssl?

#11 Post by Andrew Lee » Fri May 08, 2020 9:41 pm

I think I have fixed the issue. Could you please verify?

vevy
Posts: 483
Joined: Tue Sep 10, 2019 11:17 am

Re: Can you make sure the website always forces https/ssl?

#12 Post by vevy » Sat May 09, 2020 5:47 am

👍
I do NOT have other accounts.

lwc
Posts: 91
Joined: Tue Jun 26, 2012 10:40 pm
Contact:

Re: Can you make sure the website always forces https/ssl?

#13 Post by lwc » Sat May 09, 2020 1:13 pm

Please do all your tests both with and without www.
My apps' developments:

Post Reply