I just realized that when the site is accessed over http and https, it's basically like having 2 accounts. The browser has a local storage environment for each, and state is not shared across http and https accesses. This can get confusing if someone doesn't realize they did this, and http should probably be avoided anyway.
Since search engines are beginning to add ratings for whether or not a site is secure (not that cs-playground-react can be found be SEs yet :smile:), I think it makes sense to go in this direction, and surge does allow for forced https (for custom and non-custom domains alike). However, I'm not sure how many people are currently accessing the site over http (and I realized that my original Medium article - how most people learned about the site - linked to http://cs-playground-react, not https). So, if I force https now, many people might lose all of their progress if its stored in local storage associated with the http site. Probably should have thought of this from the beginning :angry: :skull: Although, I think I did this for a reason - I can't specifically remember, but I believe it was related to service workers.
Not that there's too many people using the site right now, but with 100 hits per day or so, some are bound to have lots of progress stored in http local storage. To help prepare for this change, let's add add a modal or non-autoclose toast (this might be better) when the newest changes get deployed, which will warn people that this change is coming on a specific date, to give them time to save their progress elsewhere if they'd like. I don't want to force https with no warning and have people lose progress, but overall, I think this will be a nice improvement.
I just realized that when the site is accessed over http and https, it's basically like having 2 accounts. The browser has a local storage environment for each, and state is not shared across http and https accesses. This can get confusing if someone doesn't realize they did this, and http should probably be avoided anyway.
Since search engines are beginning to add ratings for whether or not a site is secure (not that cs-playground-react can be found be SEs yet :smile:), I think it makes sense to go in this direction, and surge does allow for forced https (for custom and non-custom domains alike). However, I'm not sure how many people are currently accessing the site over http (and I realized that my original Medium article - how most people learned about the site - linked to http://cs-playground-react, not https). So, if I force https now, many people might lose all of their progress if its stored in local storage associated with the http site. Probably should have thought of this from the beginning :angry: :skull: Although, I think I did this for a reason - I can't specifically remember, but I believe it was related to service workers.
Not that there's too many people using the site right now, but with 100 hits per day or so, some are bound to have lots of progress stored in http local storage. To help prepare for this change, let's add add a modal or non-autoclose toast (this might be better) when the newest changes get deployed, which will warn people that this change is coming on a specific date, to give them time to save their progress elsewhere if they'd like. I don't want to force https with no warning and have people lose progress, but overall, I think this will be a nice improvement.