Avoid serving web content over http:// when possible
Ideally all http:// requests would be permanently redirected to their https:// counterpart. It's mostly the case already (using X.509 certs from Let's Encrypt), but the TDF and LO websites are still serving pages over http://. (There is an HTTPS Everywhere rule for both, but we still want 301 redirects on our HTTPd.)
- hub.libreoffice.org, tdf.io, etc.: avoid the double redirect http://tdf.io/infra → https://tdf.io/infra → …
- dev-www and other dev tools: scripts don't always follow redirects (eg,
-Lflag) so we need to be careful not to break things.
- mirrorbrain: currently clients might be sent to http:// mirrors when visiting https://download.libreoffice.org (and vice versa); until all mirrors are HTTPS-cabable we probably want to keep serving http:// pages, but ideally https:// should be sent to https:// mirrors (assuming we have enough of them).
#1 Updated by Guilhem Moulin 5 months ago
- Related to Task #2340: LibreOffice download page - please change torrent file to be downloaded using https instead of current http link added
#2 Updated by Olivier Hallot 4 months ago
I grep'ed the source code sfx2 module and FWIW, here is the result WRT to hub.libreoffice.org. I think nothing is to change
tdf@olivier-ntbk:~/git/core/sfx2/source$ git grep hub
appl/appserv.cxx: OUString sURL("https://hub.libreoffice.org/send-feedback/?LOversion=" + utl::ConfigManager::getAboutBoxProductVersion() +
appl/appserv.cxx: OUString sURL("https://hub.libreoffice.org/forum/?LOlang=" + aLang);
appl/appserv.cxx: OUString sURL("https://hub.libreoffice.org/documentation/?LOlocale=" + utl::ConfigManager::getLocale());
appl/appserv.cxx: OUString sURL("https://hub.libreoffice.org/donation/?BCP47=" + aBcp47 + "&LOlang=" + aLang );
#3 Updated by Krasnaya Ploshchad’ . 4 months ago
To avoid this, I have installed Smart HTTPS add-on in my browser, then I enabled “Add Upgrade-Insecure-Requests header to ALL websites with HTTPS protocol” option. All requests would be forced using HTTPS firstly.
#4 Updated by Florian Effenberger 3 months ago
- Target version changed from Q3/2017 to Q4/2017
Given the other pending tasks for Q3 (e.g. further SSO deployments), and that this is a longer tasks, shifting to Q4
Olivier, if there are pages that are important for you specifically wrt. SEO, please let us know, and Guilhem can look if those can be prioritized
#5 Updated by Krasnaya Ploshchad’ . 3 months ago
Maybe we can also making certain links hardcoded in this way:
<a href="//example.com#contents">see contents</a>