English Amiga Board


Go Back   English Amiga Board > abime.net - Home Projects > project.EAB

 
 
Thread Tools
Old 14 January 2022, 15:26   #1
Anubis
Retro Gamer

Anubis's Avatar
 
Join Date: Jan 2005
Location: Underworld
Age: 49
Posts: 3,367
Add http redirect to https

Can you please add http redirect for https site?


For some reason browser defaults to http and trows 404 error.
Anubis is offline  
Old 14 January 2022, 16:48   #2
gimbal
cheeky scoundrel

gimbal's Avatar
 
Join Date: Nov 2004
Location: Spijkenisse/Netherlands
Age: 40
Posts: 4,688
But what 404's? The http route works just fine for me. I want the redirect because I'm too lazy to type it out myself
gimbal is offline  
Old 14 January 2022, 17:48   #3
Radertified
Registered User
 
Join Date: Jan 2011
Location: -
Posts: 651
The http:// site works fine for me. There's something wrong on your end if it doesn't work.

Making the site redirect http:// redirect to https:// could hurt Amiga browsers. Whether or not that matters is up to RCK and the rest.
Radertified is offline  
Old 14 January 2022, 18:16   #4
gimbal
cheeky scoundrel

gimbal's Avatar
 
Join Date: Nov 2004
Location: Spijkenisse/Netherlands
Age: 40
Posts: 4,688
Maybe redirect is the wrong word, the default protocol that should be picked if all you type in is "eab.abime.net" should be https. If you type http:// then that should just go to the http site because that is what you specifically ask for.
gimbal is offline  
Old 14 January 2022, 18:59   #5
deimos
Registered User

 
Join Date: Jul 2018
Location: Under the floorboards.
Posts: 728
Quote:
Originally Posted by gimbal View Post
Maybe redirect is the wrong word, the default protocol that should be picked if all you type in is "eab.abime.net" should be https. If you type http:// then that should just go to the http site because that is what you specifically ask for.
Redirect is the right word.

The problem is that it would have to be for all non-https requests to eab.abime.net, there's no way to infer the user's intent.

(I believe) the only way to make eab.abime.net "secure", but allow people who insist that it must also be "insecure", would be to move the insecure part to a separate hostname, and also ensure that no cookies will be shared between the two (sharing cookies between secure and insecure sites negates much of the security), and all that would have negative impacts on other things, and stuff.

Maybe there are other options. Maybe there's a header that can tell recent browsers to prefer https. I don't know, I've been out of the game for a while.
deimos is offline  
Old 14 January 2022, 19:27   #6
desiv
Registered User
 
Join Date: Oct 2009
Location: Salem, OR
Posts: 1,404
I would think that would be a client issue.
It is the browser that decides what protocol to use if you only type in the domain name with no HTTP: or HTTPS:

So that sounds like a browser issue.
As mentioned, a redirect on the server side would probably break all HTTP, because it would be redirecting it to HTTPS.
desiv is offline  
Old 14 January 2022, 19:43   #7
deimos
Registered User

 
Join Date: Jul 2018
Location: Under the floorboards.
Posts: 728
Quote:
Originally Posted by desiv View Post
I would think that would be a client issue.
It is the browser that decides what protocol to use if you only type in the domain name with no HTTP: or HTTPS:

So that sounds like a browser issue.
As mentioned, a redirect on the server side would probably break all HTTP, because it would be redirecting it to HTTPS.
You'd think so, but no, https-first is a new thing, and relies on people running up-to-date software (on an Amiga forum). The only way to fix security is to do it on the server side. Clients can't be trusted.
deimos is offline  
Old 14 January 2022, 20:07   #8
NoX1911
2064
NoX1911's Avatar
 
Join Date: Jul 2005
Location: de
Posts: 220
As far as i know there are only two methods to do that on the server-side. Port redirect and HSTS. Both do not allow optional HTTP.
NoX1911 is offline  
Old 14 January 2022, 20:51   #9
deimos
Registered User

 
Join Date: Jul 2018
Location: Under the floorboards.
Posts: 728
Quote:
Originally Posted by NoX1911 View Post
As far as i know there are only two methods to do that on the server-side. Port redirect and HSTS. Both do not allow optional HTTP.
I'm not sure what you could mean by "port redirect", but HSTS looks like the magical header that I'd hoped for a couple of posts ago. It still requires that HTTP exists though, and that it doesn't emit any cookies or private information.
deimos is offline  
Old 14 January 2022, 21:15   #10
NoX1911
2064
NoX1911's Avatar
 
Join Date: Jul 2005
Location: de
Posts: 220
Quote:
Originally Posted by deimos View Post
I'm not sure what you could mean by "port redirect"
Server redirection of port 80 (http) to 443 (https) via http/301 or similar.
You enter the site by "http://" and the server replies with "Go to https:// instead" and your browser does so.

Quote:
Originally Posted by deimos View Post
HSTS looks like the magical header that I'd hoped for a couple of posts ago.
If the below quote is true its probably not what we want. Firefox has a file in the profile folder (SiteSecurityServiceState.txt) that remembers the server-side requested hsts/https state (for a specific time). If that entry is valid there is no way to enter the site by http (that's enforced by the client/firefox. That's how HSTS is intended).
Edit: On the other hand, Amiga browser is not Firefox. It could theoretically ignore HSTS. But that's a quirk. Getting 'hurt by redirection' is a major quirk as well though. I can't tell anything about Amiga browsers though. Not sure what's wrong with them.
Quote:
Originally Posted by Radertified View Post
Making the site redirect http:// redirect to https:// could hurt Amiga browsers.

Last edited by NoX1911; 14 January 2022 at 21:29.
NoX1911 is offline  
Old 15 January 2022, 00:01   #11
Anubis
Retro Gamer

Anubis's Avatar
 
Join Date: Jan 2005
Location: Underworld
Age: 49
Posts: 3,367
Reason I posted this as I had the same thing happen on 3 computers (work, gaming and laptop I use at home) and after further check, it seems it is one of cookies that caused 404 - Page not found error. Removing cookies fixed this.

If anyone else has the same problem, just remove cookies.

I still think that https should have president over http access to site. (be first to be reached if you just type eab.abime.net )
Anubis is offline  
Old 15 January 2022, 04:35   #12
coldacid
WinUAE 4000/40, V4SA
coldacid's Avatar
 
Join Date: Apr 2020
Location: Candinavia
Posts: 439
HTTPS versus HTTP should be decided by the browser if you don't explicitly specify that you want one or the other. Not everyone accessing this site has a browser that does HTTPS, especially if they're connecting from their Amiga.
coldacid is offline  
Old 16 January 2022, 16:36   #13
meynaf
son of 68k
meynaf's Avatar
 
Join Date: Nov 2007
Location: Lyon / France
Age: 48
Posts: 4,446
It seems 404 error on EAB is not linked to https at all. At least, not for me.
And no link with cookies either.

If i try :
http://eab.abime.net/
then i get 404.

But if i do :
http://eab.abime.net/index.php
then it works...
meynaf is offline  
Old 16 January 2022, 18:48   #14
hooverphonique
ex. demoscener "Bigmama"

 
Join Date: Jun 2012
Location: Fyn / Denmark
Posts: 1,308
Quote:
Originally Posted by meynaf View Post
If i try :
http://eab.abime.net/
then i get 404.

But if i do :
http://eab.abime.net/index.php
then it works...

Same here (Firefox 96)...

Last edited by hooverphonique; 17 January 2022 at 17:50. Reason: add browser version
hooverphonique is offline  
Old 16 January 2022, 19:50   #15
zipper
Registered User
 
Join Date: Mar 2004
Location: finland
Posts: 1,722
Both do work - Firefox, Chrome and Edge. And IB2.4 on WinUAE...
zipper is offline  
Old 17 January 2022, 12:38   #16
gimbal
cheeky scoundrel

gimbal's Avatar
 
Join Date: Nov 2004
Location: Spijkenisse/Netherlands
Age: 40
Posts: 4,688
In this other thread 404 problems are being linked specifically to Firefox usage
gimbal is offline  
Old 17 January 2022, 17:53   #17
hooverphonique
ex. demoscener "Bigmama"

 
Join Date: Jun 2012
Location: Fyn / Denmark
Posts: 1,308
Quote:
Originally Posted by zipper View Post
Both do work - Firefox, Chrome and Edge. And IB2.4 on WinUAE...
When using https, yes. using http://eab.abime.net on firefox results in 404 - I'm pretty sure that wasn't the case a week ago.
hooverphonique is offline  
Old 17 January 2022, 19:16   #18
NoX1911
2064
NoX1911's Avatar
 
Join Date: Jul 2005
Location: de
Posts: 220
Http works properly here as well. Maybe try a new Firefox profile for testing.
The forum was down for 24h some days ago (the IRC server seems still down. At least the top banner has it still removed). Maybe there are still side-effects out there.
NoX1911 is offline  
Old 17 January 2022, 22:19   #19
zipper
Registered User
 
Join Date: Mar 2004
Location: finland
Posts: 1,722
http://eab.abime.net/ redirects to https on my Firefox as I checked.
zipper is offline  
Old 21 January 2022, 11:35   #20
RCK
Administrator

RCK's Avatar
 
Join Date: Feb 2001
Location: Paris / France
Age: 43
Posts: 3,004
I won't force any https:// redirection on server side.
EAB is available to full HTTP or full HTTPS :

http://eab.abime.net/
https://eab.abime.net/

I just tested both url with Firefox 96 and Chrome 97 without any problem
So if your browser don't let you access the HTTP version, clean your cache and reset your privacy options.

edit: see FF96 screenshot with http://eab.abime.net
Attached Thumbnails
Click image for larger version

Name:	firefox96_http_ok.png
Views:	11
Size:	215.0 KB
ID:	74491  
RCK is offline  
 


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools

Similar Threads
Thread Thread Starter Forum Replies Last Post
CD32 NVRAM redirect BigMacDaddy New to Emulation or Amiga scene 17 17 March 2021 22:18
HOL on HTTPS CodyJarrett HOL suggestions and feedback 13 01 March 2021 11:37
Why is https:// not supported here? hugo_nl project.EAB 32 19 October 2019 20:13
How to redirect the output of IconX to a file tygre support.Apps 8 10 July 2011 06:29
CU Amiga Feb 1994 redirect mistake spirit AMR data problems 3 24 September 2007 10:44

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT +2. The time now is 17:21.


Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2022, vBulletin Solutions Inc.
Page generated in 0.09403 seconds with 16 queries