HTTPS instead of HTTP as default protocol for links where protocol is not specified

aia · October 4, 2022

If you insert a link without protocol, it will appear with HTTP in the editor.

In 2022 (even in 2015, to be honest), it would be better to use HTTPS as the default protocol. Those who need HTTP must define it explicitly.

Example:

Result: example.com

JFYI: according to google, almost all websites are using HTTPS: https://transparencyreport.google.com/https/overview

So forcing the HTTP protocol where there is no need is harmful.

Edited October 4, 2022 by 13.

Randy Calvert · October 4, 2022

When you insert it without a protocol, it passes it to the browser without a protocol. Your browser by default sets to HTTP instead of HTTPS. If the destination site properly sets HSTS headers (https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security), the browser will transparently use HTTPS even if HTTP is specified.

This is not an IPS configuration issue but instead a default way links are handled.

aia · October 4, 2022

7 minutes ago, Randy Calvert said:

When you insert it without a protocol, it passes it to the browser without a protocol. Your browser by default sets to HTTP instead of HTTPS. If the destination site properly sets HSTS headers (https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security), the browser will transparently use HTTPS even if HTTP is specified.

This is not an IPS configuration issue but instead a default way links are handled.

Wrong. It is not related to HSTS or the browser at all. IPS's editor forces HTTP protocol if a protocol is not specified. Just try to do exactly what is shown on the screenshot and see the resulting HTML.

Result: koreanrandom.com (http://koreanrandom.com)

Edited October 4, 2022 by 13.

Randy Calvert · October 4, 2022

But that's the value of HSTS. When you clicked that HTTP link, it automatically is rewritten to HTTPS. I clicked that HTTP link you posted above and the BROWSER natively went forward to the site via HTTPS instead of HTTP.

Edited October 4, 2022 by Randy Calvert

aia · October 4, 2022

This topic is not about that. This topic is about defaults (of editor's link insertion tool) that are more secure and relevant to current and future times. And not all sites use HSTS, btw. And most of them never will.

Edited October 4, 2022 by 13.

Invision Community 4: SEO, prepare for v5 and dormant account notifications

Invision Community 5: Beta testing and latest updates

Invision Community 4: A more professional report center

Invision Community 5: A video walkthrough creating a custom theme and homepage

HTTPS instead of HTTP as default protocol for links where protocol is not specified

Recommended Posts

aia

Randy Calvert

aia

Randy Calvert

aia

Recently Browsing 0 members

More