Http should redirect to https

The insecure site http://safenetforum.org does not automatically redirect to https://safenetforum.org when it used to.

Please ensure this redirect happens for the security and privacy of all users.

3 Likes

I just tried it and it does redirect for me.

also safenetforum.org redirects too. (without http://)

using firefox without the addon to force https

2 Likes

I reproduced this on two browsers in several different ‘modes’. Not sure why it’s redirecting for you, maybe a long-lived HSTS header which I don’t have?

chrome
chrome incognito
chrome guest
firefox
firefox private mode

image

image

2 Likes

Not sure what is happening. Are you using a business/uni network? Can you redirect other non-https urls to the https version?

I just tried chrome (all of this on 2 machines) and it works.

When done on firefox I actually see the http version accessed then it moves to https version after 1/4 second or so like other redirects do.

So what the issue is beyond me at the moment.

EDIT: Just tried a virtual machine (windows) that I’ve never accessed the forum from (with noscript installed) and saw the redirect occur and gave me the message I need to enable javascript (app could not load)

2 Likes

Both responses are status 200 when I’d expect a 301 from http to https

Also check the Server header below (why is it different?!)

Any difference with the response headers you’re seeing?

http headers

ian@ian-desktop:~ $ curl -I http://safenetforum.org
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 12 Apr 2018 02:54:02 GMT
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Discourse-Route: list/latest
Cache-Control: no-store, must-revalidate, no-cache, private
X-Request-Id: 71cd1be7-30c4-47bf-be75-0bce048163f4
X-Runtime: 0.156217
Referrer-Policy: no-referrer-when-downgrade
Discourse-Proxy-ID: app-router-tiehunter07

https headers

ian@ian-desktop:~ $ curl -I https://safenetforum.org
HTTP/1.1 200 OK
Server: nginx/1.13.11
Date: Thu, 12 Apr 2018 02:54:07 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Discourse-Route: list/latest
Cache-Control: no-store, must-revalidate, no-cache, private
X-Request-Id: 15f0d1c7-9ee3-4418-bd88-a6b3a22cf7e6
X-Runtime: 0.137216
Referrer-Policy: no-referrer-when-downgrade
Discourse-Proxy-ID: app-router-tiehunter07
1 Like

Standard residential ADSL network.

Yes. eg http://iancoleman.io redirects for me to https

1 Like

I have tested this on 2 windows systems with Vivaldi and Firefox with https everywhere disabled.
They all redirect just fine.

1 Like

I’m able to reproduce this issue in Chrome and Firefox when opening http://safenetforum.org in a new incognito/private window.

I just contacted the Discourse team, I’ll let you know when they fix this issue (I’m pretty sure the redirect from HTTP to HTTPS was working fine before). Thank you @mav for letting us know about this :slightly_smiling_face:

2 Likes

I get the same.

I am going to try adding the firfox ID in the curl to see if nginx reacts differently. (after lunch that is)

1 Like

Adding “user-agent” and/or referrer makes no difference.

So firefox and chrome must have been testing for https without being asked to.

The Discourse team just re-enabled the redirect from HTTP to HTTPS. They said this was caused by our DNS looking wrong to them since it’s at the root domain. It should be fixed now.

3 Likes

Yes it looks fixed from here, thanks for arranging it.

3 Likes