Jump to content

HTTPS instead of HTTP as default protocol for links where protocol is not specified

aia
aia
in Feedback

Featured Replies

Posted

If you insert a link without protocol, it will appear with HTTP in the editor.

In 2022 (even in 2015, to be honest), it would be better to use HTTPS as the default protocol. Those who need HTTP must define it explicitly.

Example:

Could contain: Text, Page, Text Message

Result: example.com

JFYI: according to google, almost all websites are using HTTPS: https://transparencyreport.google.com/https/overview

So forcing the HTTP protocol where there is no need is harmful.

Edited by 13.

When you insert it without a protocol, it passes it to the browser without a protocol.  Your browser by default sets to HTTP instead of HTTPS.  If the destination site properly sets HSTS headers (https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security), the browser will transparently use HTTPS even if HTTP is specified.  

This is not an IPS configuration issue but instead a default way links are handled.  

    • Author
    7 minutes ago, Randy Calvert said:

    When you insert it without a protocol, it passes it to the browser without a protocol.  Your browser by default sets to HTTP instead of HTTPS.  If the destination site properly sets HSTS headers (https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security), the browser will transparently use HTTPS even if HTTP is specified.  

    This is not an IPS configuration issue but instead a default way links are handled.  

    Wrong. It is not related to HSTS or the browser at all. IPS's editor forces HTTP protocol if a protocol is not specified. Just try to do exactly what is shown on the screenshot and see the resulting HTML.

    Could contain: Text, Text Message, Page

    Result: koreanrandom.com (http://koreanrandom.com)

    Could contain: Text, Page, File
     

    Edited by 13.

    But that's the value of HSTS.  When you clicked that HTTP link, it automatically is rewritten to HTTPS.  I clicked that HTTP link you posted above and the BROWSER natively went forward to the site via HTTPS instead of HTTP. 

    Edited by Randy Calvert

    • Author

    This topic is not about that. This topic is about defaults (of editor's link insertion tool) that are more secure and relevant to current and future times. And not all sites use HSTS, btw. And most of them never will.

    Edited by 13.

    Go to topic listing

    Recently Browsing 0

    • No registered users viewing this page.