Is there some way the back-end can turn all partial links in posts ( example.com ) into https links ( https://www.example.com )??
As it seems that they are made into http:// links, which leads to all sorts of mess when http://example.com outgoing requests fail for many users clicking-on from the post.
( Or, check the generated target address and amend to the correct protocol to get there? )
Thanks, first question, sorry if repeat but I can’t see anything succinctly this.
mitch
It seems like it’s time to make those links https by default. This might be a feature request.
Please no. Out there is a lot of sites that are using http, because they just don’t need SSL.
Would this be another casual job for search&replace? Or am I misunderstanding everything again?
Plus I’m worrying kind of edge situation where Discourse is using its own VPS and front of it is another VPS where is reverse proxy. Those will talk to each other without SSL quite often.
But that is totally different situation, right? But I start to be a bit jumpy everytime there is something default that can change for me familiar abbreviations…
I think you’re wrong that those sites don’t need https. There is no excuse not to make your site secure now.
But it looks like I’m wrong that this should be a feature request. The browser rather than discourse should handle forcing to https.
I’m pretty sure that modern browsers prioritize HTTPS over HTTP by default.
Also, many websites server-side will redirect to HTTPS or use HSTS header.
I don’t think I am wrong when we are talking about reality.
Need for securing connections between servers using SSL when data is not including anything that need to secure is worth of another topic. But is totally off topic here, though.
But saying to users that sorry, you can’t link because 3rd party isn’t using port 443 is just bad idea. It is not admin’s or not even discourse’s job to say what someone should or must do.
Yes if it is there. And some household routers/modems are configured to use only https and that is actually really annoying. Because not every site follows Google’s want to use SSL everywhere and partly hecause so many platform serves old links using http and those stubid boxes can’t rewrite url.
So before any feature discussion there should be another meta topic first: is it responsibility of forum platform force to use SSL for outbound links.
After that technical solution is reasonable easy, I reckon — but again, I’m not a dev.
But back to topic.
So search&replace isn’t acute solution? But I don’t follow now… again… is the real issue how Discourse automatically forms links if just plain url is given? Is so, then I backup a little and yes, automatically there should be https — but it must be editable.
Checking if http (and https with a similar function) is possible, using just the head of the target page, code copied from:
def check_http_url(url):
HTTP_URL = f'http://{url}'
try:
HTTP_URL = urlparse(HTTP_URL)
connection = HTTPConnection(HTTP_URL.netloc)
connection.request('HEAD', HTTP_URL.path)
if connection.getresponse():
return True
else:
return False
except:
return False
So with that (translated to Ruby if I recall), Discourse back-end could find out if the target of a partial link given in a post is https or http, then (with a preference for https) open the correct target link for the user?