The insecure site http://forum.autonomi.community does not automatically redirect to https://forum.autonomi.community when it used to.
Please ensure this redirect happens for the security and privacy of all users.
3 Likes
I just tried it and it does redirect for me.
also safenetforum.org redirects too. (without http://)
using firefox without the addon to force https
2 Likes
I reproduced this on two browsers in several different āmodesā. Not sure why itās redirecting for you, maybe a long-lived HSTS header which I donāt have?
chrome
chrome incognito
chrome guest
firefox
firefox private mode
2 Likes
Not sure what is happening. Are you using a business/uni network? Can you redirect other non-https urls to the https version?
I just tried chrome (all of this on 2 machines) and it works.
When done on firefox I actually see the http version accessed then it moves to https version after 1/4 second or so like other redirects do.
So what the issue is beyond me at the moment.
EDIT: Just tried a virtual machine (windows) that Iāve never accessed the forum from (with noscript installed) and saw the redirect occur and gave me the message I need to enable javascript (app could not load)
2 Likes
Both responses are status 200 when Iād expect a 301 from http to https
Also check the Server header below (why is it different?!)
Any difference with the response headers youāre seeing?
http headers
ian@ian-desktop:~ $ curl -I http://forum.autonomi.community
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 12 Apr 2018 02:54:02 GMT
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Discourse-Route: list/latest
Cache-Control: no-store, must-revalidate, no-cache, private
X-Request-Id: 71cd1be7-30c4-47bf-be75-0bce048163f4
X-Runtime: 0.156217
Referrer-Policy: no-referrer-when-downgrade
Discourse-Proxy-ID: app-router-tiehunter07
https headers
ian@ian-desktop:~ $ curl -I https://forum.autonomi.community
HTTP/1.1 200 OK
Server: nginx/1.13.11
Date: Thu, 12 Apr 2018 02:54:07 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Discourse-Route: list/latest
Cache-Control: no-store, must-revalidate, no-cache, private
X-Request-Id: 15f0d1c7-9ee3-4418-bd88-a6b3a22cf7e6
X-Runtime: 0.137216
Referrer-Policy: no-referrer-when-downgrade
Discourse-Proxy-ID: app-router-tiehunter07
1 Like
Standard residential ADSL network.
Yes. eg http://iancoleman.io redirects for me to https
1 Like
I have tested this on 2 windows systems with Vivaldi and Firefox with https everywhere disabled.
They all redirect just fine.
1 Like
Iām able to reproduce this issue in Chrome and Firefox when opening http://forum.autonomi.community in a new incognito/private window.
I just contacted the Discourse team, Iāll let you know when they fix this issue (Iām pretty sure the redirect from HTTP to HTTPS was working fine before). Thank you @mav for letting us know about this 
2 Likes
I get the same.
I am going to try adding the firfox ID in the curl to see if nginx reacts differently. (after lunch that is)
1 Like
Adding āuser-agentā and/or referrer makes no difference.
So firefox and chrome must have been testing for https without being asked to.
The Discourse team just re-enabled the redirect from HTTP to HTTPS. They said this was caused by our DNS looking wrong to them since itās at the root domain. It should be fixed now.
3 Likes
Yes it looks fixed from here, thanks for arranging it.
3 Likes