Recent

Author Topic: [SOLVED] Forum suggestion - Implement https in notifications  (Read 380 times)

Hansaplast

  • Hero Member
  • *****
  • Posts: 534
  • Tweaking4All.com
    • Tweaking4All
[SOLVED] Forum suggestion - Implement https in notifications
« on: April 06, 2019, 09:10:40 am »
I'm not too familiar with SMF, and do not believe this issue is of the highest priority, but it would be nice that when we receive notifications (follow up posts, PM's, etc) with HTTPS links right away instead of HTTP links.
The forum already works with HTTPS, just the links in the notifications still use HTTP.
« Last Edit: April 07, 2019, 12:13:24 pm by Hansaplast »

rvk

  • Hero Member
  • *****
  • Posts: 3693
Re: Forum suggestion - Implement https in notifications
« Reply #1 on: April 06, 2019, 01:34:33 pm »
Yeah, I also mentioned that in the past.

And to top it all of there are also 2 domain-names in circulation.
forum.lazarus-ide.org and forum.lazarus.freepascal.org

It's a real mess when you click a link in the mail and you need to login again (and even insecurely).

I think the link in the mail comes domain the person posting visited.

But maybe it's time to force HTTP to HTTPS (with preservation of the rest of the URL so links on the internet are still valid). Even forcing forum.lazarus-ide.org to forum.lazarus.freepascal.org with preservation of the second part should be possible.

Hansaplast

  • Hero Member
  • *****
  • Posts: 534
  • Tweaking4All.com
    • Tweaking4All
Re: Forum suggestion - Implement https in notifications
« Reply #2 on: April 06, 2019, 05:20:47 pm »


Good catch - I just noticed the different links as well.
I just got 2 notifications with links to 2 different domains, and one with, and one without https.


Redirection to HTTPS and the preferred domain can be done with .htaccess (worse case scenario).
I presume that redirecting in .htaccess will "force" users to the right domain, and enforce https.
This in turn will then automatically resolve the links in the email issue.


I'm using this on my own website to enforcing https:


Code: [Select]
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]


A quick look with Mr.Google gave me this for domain redirection, but I have never used it;


Code: [Select]
Options +FollowSymLinks
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} ^OLDDOMAIN\.com$ [NC]
RewriteRule ^(.*)$ https://NEWDOMAIN.com [R=301,L]

Marc

  • Administrator
  • Hero Member
  • *
  • Posts: 2496
Re: Forum suggestion - Implement https in notifications
« Reply #3 on: April 06, 2019, 05:56:34 pm »
No need for .htaccess, a redirect permanent in the vritual host will do and is easier  :)

Anyway all lazarus-ide sites are redirected to https now.
Second, since this forum is shared with FPC too, the forum URL is now forum.lazarus.freepascal.org
All others are redirected to this one.
//--
{$I stdsig.inc}
//-I still can't read someones mind
//-Bugs reported here will be forgotten. Use the bug tracker

Hansaplast

  • Hero Member
  • *****
  • Posts: 534
  • Tweaking4All.com
    • Tweaking4All
Re: Forum suggestion - Implement https in notifications
« Reply #4 on: April 06, 2019, 08:39:56 pm »
Oh wow, that's quick! Thanks Marc!  :)