ATAU defaulting to http?

#1

Seems to be a relatively recent change - default view seems to be http not https.

Forcing URL to https looks like it’s not linking to the replacement font.

01%20am

1 Like

#2

My bookmarked copy of this site is http only… suggesting that when I book-marked the site, it was as a http link… Though that would have been a long time ago…

Not sure if that helps.

Just reloaded as https… and yes - font changes. (err, I prefer how it looks under http)

0 Likes

#3

The forums have been on HTTP for a while now, even after we switched the front page over to HTTPS.

As you’ve discovered, you can use the forums on HTTPS, things just don’t look as they should.

It’s on the list.

2 Likes

#4

To be honest, the main reason for noticing this was being prompted by 1password when signing in on a different device - that I had last updated the password on the https page but was being signed in on a http page. :man_shrugging: No big deal, we’re not housing nuclear launch codes here.

0 Likes

#5

A year ago I was of the same opinion - if you’re not hosting or transmitting anything sensitive, why bother.

Then I read sveeral lengthy (but good) opinion pieces by Hunt, Helme et al who argue why EVERY site needs HTTPS. tl;dr: DNS injections, link hijacking, etc.

There’s really no reason why AT can’t move to forced HTTPS. I see the site is behind CloudFlare which complicates things (CF is pricey when SSL comes into it, and not an ideal solution given the way they handle HTTPS). Beyond that, there’s only a few minor things to update:

https://www.whynopadlock.com/results/52f3402f-5894-4efb-8f7f-595d8ed29a0e

0 Likes

#6

Based on cosmic’s comment, I checked my bookmark and its https. So the site is actually forcing a switch to http. I dont much care, but I will change my pass more frequently than I do now.

0 Likes

#7

Yep. No reason for any site not to be using SSL in 2019.

0 Likes

#8

Is there a difference between http and https with regards to logging in here and our password being compromised?

0 Likes

#9

so why is this site not presently using https?

0 Likes

#10

It’s… complicated, due to the somewhat unique way our Discourse instance is setup.

Probably nothing that can’t be fixed if I spent the better part of a day tinkering with it, just a matter of putting in the time and effort in to fixing it.

0 Likes