13. Posted October 4, 2022 Share Posted October 4, 2022 (edited) If you insert a link without protocol, it will appear with HTTP in the editor. In 2022 (even in 2015, to be honest), it would be better to use HTTPS as the default protocol. Those who need HTTP must define it explicitly. Example: Result: example.com JFYI: according to google, almost all websites are using HTTPS: https://transparencyreport.google.com/https/overview So forcing the HTTP protocol where there is no need is harmful. Edited October 4, 2022 by 13. Link to comment Share on other sites More sharing options...
Randy Calvert Posted October 4, 2022 Share Posted October 4, 2022 When you insert it without a protocol, it passes it to the browser without a protocol. Your browser by default sets to HTTP instead of HTTPS. If the destination site properly sets HSTS headers (https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security), the browser will transparently use HTTPS even if HTTP is specified. This is not an IPS configuration issue but instead a default way links are handled. SeNioR- 1 Link to comment Share on other sites More sharing options...
13. Posted October 4, 2022 Author Share Posted October 4, 2022 (edited) 7 minutes ago, Randy Calvert said: When you insert it without a protocol, it passes it to the browser without a protocol. Your browser by default sets to HTTP instead of HTTPS. If the destination site properly sets HSTS headers (https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security), the browser will transparently use HTTPS even if HTTP is specified. This is not an IPS configuration issue but instead a default way links are handled. Wrong. It is not related to HSTS or the browser at all. IPS's editor forces HTTP protocol if a protocol is not specified. Just try to do exactly what is shown on the screenshot and see the resulting HTML. Result: koreanrandom.com (http://koreanrandom.com) Edited October 4, 2022 by 13. Link to comment Share on other sites More sharing options...
Randy Calvert Posted October 4, 2022 Share Posted October 4, 2022 (edited) But that's the value of HSTS. When you clicked that HTTP link, it automatically is rewritten to HTTPS. I clicked that HTTP link you posted above and the BROWSER natively went forward to the site via HTTPS instead of HTTP. Edited October 4, 2022 by Randy Calvert SeNioR- 1 Link to comment Share on other sites More sharing options...
13. Posted October 4, 2022 Author Share Posted October 4, 2022 (edited) This topic is not about that. This topic is about defaults (of editor's link insertion tool) that are more secure and relevant to current and future times. And not all sites use HSTS, btw. And most of them never will. Edited October 4, 2022 by 13. Link to comment Share on other sites More sharing options...
Recommended Posts