Can you make sure the website always forces https/ssl?

Posted: Fri May 01, 2020 11:44 am
by lwc
While http://portablefreeware.com does a simple redirection to the https version of the website, http://www.portablefreeware.com does not.
As a result, everyone that uses it browses the site in a non-secure way.
It's hard to trace because it seems sometimes the browser catches up and adds https.

I just know many times I see this site in a non-secure way because I type portablefreeware and hit ctrl+enter to enter it in my browser.
Please make sure no matter what https is always used.

Re: Can you make sure the website always forces https/ssl?

Posted: Fri May 01, 2020 1:45 pm
by freakazoid
If you use Firefox, use HTTPZ. That will automatically redirect you to HTTPS all the time and is more lightweight than HTTPS Everywhere.

Re: Can you make sure the website always forces https/ssl?

Posted: Fri May 01, 2020 2:14 pm
by lwc
freakazoid wrote: Fri May 01, 2020 1:45 pm
If you use Firefox, use HTTPZ. That will automatically redirect you to HTTPS all the time and is more lightweight than HTTPS Everywhere.

Thanks for the tip (I didn't know about that alternative plugin), but since doing what's morally right is obviously not enough, Google and others have declared war on http.
Every time it's found there are repercussions - from damaged SEO (and futuristic removal from search engines) to warnings (and futuristic blockage) from browsers.

Re: Can you make sure the website always forces https/ssl?

Posted: Sat May 02, 2020 4:07 pm
by Midas
I agree consistency is important here and I second lwc on this.

OTOH, I'd like to retain the possibility of browsing non-secure sites if I so wish. User discretion is paramount.

Re: Can you make sure the website always forces https/ssl?

Posted: Sun May 03, 2020 1:45 am
by Andrew Lee
Fixed. Thanks for bringing this to my attention!

Re: Can you make sure the website always forces https/ssl?

Posted: Sun May 03, 2020 6:02 am
by vevy
While we are at it, I have the following scenario:
- I force HTTPS (extension)
- Open the main site (not the forum), then click Login.
- Enter credentials
- You are given the message: "Tried to redirect to potentially insecure url."

Re: Can you make sure the website always forces https/ssl?

Posted: Sun May 03, 2020 8:41 pm
by Andrew Lee
vevy wrote: Sun May 03, 2020 6:02 am
While we are at it, I have the following scenario:
- I force HTTPS (extension)
- Open the main site (not the forum), then click Login.
- Enter credentials
- You are given the message: "Tried to redirect to potentially insecure url."

Does this still happen after my fix above? I can't reproduce this since the redirection should now be HTTPS.

Re: Can you make sure the website always forces https/ssl?

Posted: Tue May 05, 2020 6:59 am
by vevy
Andrew Lee wrote: Sun May 03, 2020 8:41 pm
Does this still happen after my fix above? I can't reproduce this since the redirection should now be HTTPS.

I found out that the issue happens if the URL where you click "Login" ends with an ampersand (For example: https://www.portablefreeware.com/?p=2&). When post-login redirection happens, it produces this message.

An extension of mine was causing the addition of "&" at the end. I made a workaround to resolve the redirection issue but I can't figure out how to solve it completely without losing the extension functionality.

Re: Can you make sure the website always forces https/ssl?

Posted: Wed May 06, 2020 6:07 pm
by Andrew Lee
What extension is that, and what browser are you using?

I need to replicate your setup so that I can have a chance of reproducing the problem.

Re: Can you make sure the website always forces https/ssl?

Posted: Fri May 08, 2020 5:45 am
by vevy
No need. Just go to: https://www.portablefreeware.com/?p=2& and click login
(or simply go to ucp.php?mode=login&redirect=%2F%3Fp%3D2%26amp%3B)
and then login.

I reproduced it on both Chrome and Firefox.
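
The `redirect` value quoted in the post above percent-decodes to `/?p=2&amp;`. As an added example (not code from this site or its forum software), here is one way a login handler could normalise and validate such a parameter so that a stray trailing `&` is harmless while off-site targets are still refused; the function name `safe_redirect_target` and the host allow-list are assumptions.

```python
from html import unescape
from urllib.parse import parse_qs, urlsplit

# Hosts named in the thread; treating both as the same site is an assumption.
SITE_HOSTS = {"portablefreeware.com", "www.portablefreeware.com"}


def safe_redirect_target(raw_query: str, default: str = "/") -> str:
    """Return a same-site relative path for the post-login redirect."""
    values = parse_qs(raw_query, keep_blank_values=True).get("redirect")
    if not values:
        return default
    # parse_qs already percent-decoded; undo HTML escaping ("&amp;" -> "&").
    target = unescape(values[0])
    # Control characters allow header injection; browsers read "\" as "/",
    # which can smuggle a host into an apparently relative path.
    if "\\" in target or any(ord(c) < 0x20 or ord(c) == 0x7F for c in target):
        return default
    try:
        parts = urlsplit(target)
        host = (parts.hostname or "").lower()
    except ValueError:  # malformed authority, e.g. an unclosed "["
        return default
    if parts.scheme or parts.netloc:
        # Absolute URL: accept only our own hosts, then drop scheme and host
        # so the redirect stays on the current HTTPS origin.
        if parts.scheme not in ("http", "https") or host not in SITE_HOSTS:
            return default
    path = parts.path or "/"
    if not path.startswith("/") or path.startswith("//"):
        return default
    query = parts.query.strip("&")  # a stray "&" carries no parameter
    return f"{path}?{query}" if query else path


if __name__ == "__main__":
    # Query string taken from the post above.
    print(safe_redirect_target("mode=login&redirect=%2F%3Fp%3D2%26amp%3B"))
```

Because only a path and query are ever returned, an `http://` link to either site host cannot pull the logged-in user back onto plain HTTP.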

Re: Can you make sure the website always forces https/ssl?

Posted: Fri May 08, 2020 9:41 pm
by Andrew Lee
I think I have fixed the issue. Could you please verify?

Re: Can you make sure the website always forces https/ssl?

Posted: Sat May 09, 2020 5:47 am
by vevy
👍

Re: Can you make sure the website always forces https/ssl?

Posted: Sat May 09, 2020 1:13 pm
by lwc
Please do all your tests both with and without www.

Re: Can you make sure the website always forces https/ssl?

Posted: Tue Oct 13, 2020 1:46 am
by toxejep219
Yes, I forced every website to open in HTTPS so that there is no risk of a man-in-the-middle attack.