search

falling-fruit / falling-fruit-web

Mobile-friendly website for Falling Fruit
https://beta.fallingfruit.org
GNU General Public License v3.0
31 stars 12 forks source link

geolocation doesn't work on Firefox + HTTP site #377

Closed wbazant closed 3 months ago

wbazant commented 4 months ago

Both live and beta site issue, but I spotted it when playing with the beta site on mobile.

When accessing the live site by typing fallingfruit.org on Firefox, I get:

A Geolocation request can only be fulfilled in a secure context. in the console, and no "site wants to access your location" popup.

Meanwhile, I didn't reproduce the issue with Chrome, but I noticed that it does take me to HTTPS. There's apparently something like "HTTP Strict Transport Security" (https://superuser.com/a/881431) which is the name for the behaviour, and I guess it mitigates much of the severity of this issue since Chrome is a popular browser.

The proposed resolution is to modify server config to add a redirect of http to https for the root of the site, for live and beta sites.

ezwelty commented 3 months ago

@wbazant All external (non-localhost) http traffic on the server is now redirected to https. Does this fix the issue for you?

wbazant commented 3 months ago

Yes, it does - even explicitly typing HTTP in the address bar sends me to HTTPS, thanks for fixing!