HTTPS

Discussion in 'Suggestions & Bug Reports' started by TUSF, Mar 27, 2016.

  1. TUSF

    TUSF Well-Known Member

    Joined:
    Oct 20, 2015
    Messages:
    323
    Likes Received:
    236
    Reading List:
    Link
    So, there are two issues when attempting to reach the website through HTTPS.

    First off, the forum is completely unreachable on HTTPS.

    Second, the main site is broken (at least on Chrome) when trying to access the site securely. The reason for this, is because all links, such as URLs, images, CSS and Javascript, assume that the website is being accessed through HTTP. This mostly amazes me, because it's strange that all of the URLs are absolute paths, (http://www.novelupdates.com/wp-includes/js/comment-reply.min.js?ver=4.4.2) instead of relative paths. (wp-includes/js/comment-reply.min.js?ver=4.4.2)

    When accessing a site through HTTPS, a standards-compliant browser blocks access to any non-HTTPS connections, for security. To fix this, replace the URL schema with one of the following:
    Code:
    //website.com/path/to/file
    or
    Code:
    path/to/file
    The first is just a removal of the protocol (no HTTP or HTTPS), and lets the browser decide which to use (typically the one you're currently using). This format is better for linking to remote sites or subdomains.

    The second is pretty straightforward, and is best for links to the same website.
    I actually wonder why the site uses absolute links everywhere.
     
    braiam likes this.
  2. Tony

    Tony Moderator Staff Member

    Joined:
    Oct 20, 2015
    Messages:
    5,019
    Likes Received:
    44,724
    Reading List:
    Link
    NU is built on the WordPress framework. Andrew Nacin, the lead core developer of WordPress can explain it better than me:

    I also found this post from Yoast (I used to use his plugins) - https://yoast.com/dev-blog/relative-urls-issues/
     
  3. TUSF

    TUSF Well-Known Member

    Joined:
    Oct 20, 2015
    Messages:
    323
    Likes Received:
    236
    Reading List:
    Link
    Then what about converting all URLs to omit the protocol, to avoid mix-content issues? (omitting the "http" or "https" all together) Pretty much all browsers support this.
     
  4. braiam

    braiam Active Member

    Joined:
    Oct 20, 2015
    Messages:
    18
    Likes Received:
    8
    Reading List:
    Link
    Or better yet: use https for all the assets! Specially, if they are static. That is the first step towards moving to https.