Lukeroge Posted July 20, 2015 Share Posted July 20, 2015 So I enabled my site for full https in addition to http, and the site can never manage to get the urls right. It seems most urls will change to HTTP or HTTPS, but a few don't seem to change properly based on what protocol the site was loaded as. Any modern script should support this properly.Also, the system the script uses for guest caching results in another issue. If someone loads an HTTPS page, the script caches the result of that and serves the page with HTTPS urls in it to any non-HTTPS user who comes later, causing issues with cross-site requests and stopping things from loading correctly. This also works the other way, where if a page is loaded with HTTPS shortly after it was loaded with HTTP, it will break the page because all the URLs for CSS/etc are cached as the HTTP ones and will be blocked by the browser. Link to comment Share on other sites More sharing options...
AutoItScript Posted July 20, 2015 Share Posted July 20, 2015 You need to change your web server config so that any http requests are rewritten to https before they hit the forum. You want all users hitting the site with the same URL regardles of what they typed in the browser. Something like:# Force https for all RewriteCond %{SERVER_PORT} ^80$ RewriteRule ^(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L] Link to comment Share on other sites More sharing options...
Lukeroge Posted July 20, 2015 Author Share Posted July 20, 2015 You need to change your web server config so that any http requests are rewritten to https before they hit the forum. You want all users hitting the site with the same URL regardles of what they typed in the browser. Something like:# Force https for all RewriteCond %{SERVER_PORT} ^80$ RewriteRule ^(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L] I know I could force global SSL, but I had hoped to not require that right yet. IPS4 really should be able to handle requests from both protocols without breaking the page. Link to comment Share on other sites More sharing options...
Dll Posted July 20, 2015 Share Posted July 20, 2015 You're going to run into more problems if you continue allowing both http and https traffic, as you could end up with google indexing both as separate sites, and then potentially penalising you for duplicate content. Best practice is to have one or the other. Link to comment Share on other sites More sharing options...
Lukeroge Posted July 21, 2015 Author Share Posted July 21, 2015 You're going to run into more problems if you continue allowing both http and https traffic, as you could end up with google indexing both as separate sites, and then potentially penalising you for duplicate content. Best practice is to have one or the other. I suppose I'll have to make up my mind then, haha. Thanks Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.