search

hbz / lobid

Linking Open Bibliographic Data
https://lobid.org/
Eclipse Public License 2.0
16 stars 4 forks source link

Only use https links in HTML #401

Open acka47 opened 5 years ago

acka47 commented 5 years ago

As switching to https everywhere with #352 wasn't a good idea, we should at least only use https links in the HTML (and maybe add redirects for lobid.org, lobid.org/resources, lobid.org/gnd and lobid.org/organisations) so that at least browsers have https everywhere.

[Edit: As I misunderstood how the pages currently work (i.e. with relative links), this issue comment was completely bogus at first. It's better now.]

Currently all three services use relative links, i.e. when you are on a http page the links are http, on a https page, the links are https. It would be great to enforce https links everywhere, even if you are starting on a http page.

Please open separate issues in the corresponding repos if needed.

dr0i commented 5 years ago

Also, on the team page (even with https) we should use https links to the member pages

yeah, but that means to have https enabled domains. E.g. mine isn't. And now to just link to them using https result in a SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE and in newer browser you cannot ignore that, meaning you can't lookup the page.

dr0i commented 5 years ago

The solution for the team-page, to have get a green secure lobid page, would be in not embedding pictures taken from http-domains but e.g. to copy the pictures locally and serve them from there.

acka47 commented 5 years ago

I was just talking about the links from the team page to the individual profiles. They are always http.

dr0i commented 5 years ago

@fsteeg I think the landing pages of resources, organisations and gnd are treated via their play app instances, yes? Then we shall open issues in the respected repos, like @acka47 said.

acka47 commented 5 years ago

Currently, the "language" icon (🌎) and the "information" icon (🛈) are broken in both chrome and firefox when viewing the non-https version, see http://lobid.org/. This would be solved when using https everywhere for this page (and for the landing apges of the three services).

acka47 commented 5 years ago

I think we should solve this issue with a redirect (https only) for the landing pages of lobid, team and the three services.

dr0i commented 5 years ago

Re "icons": these were fixed by setting the CORS header. @acka47 please ack.

acka47 commented 5 years ago

Re "icons": these were fixed by setting the CORS header. @acka47 please ack.

+1