After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 779118 - disable redirect from https to http
disable redirect from https to http
Status: RESOLVED OBSOLETE
Product: website
Classification: Infrastructure
Component: planet.gnome.org
current
Other All
: Normal enhancement
: ---
Assigned To: Planet GNOME maintainers
Planet GNOME maintainers
Depends on:
Blocks:
 
 
Reported: 2017-02-23 04:44 UTC by Paul Wise
Modified: 2018-09-24 10:52 UTC
See Also:
GNOME target: ---
GNOME version: ---



Description Paul Wise 2017-02-23 04:44:47 UTC
Please disable the redirect from https://planet.gnome.org/ (secure) to  http://planet.gnome.org/ (insecure). All GNOME resources should be available over HTTPS.
Comment 1 Paul Wise 2017-02-23 04:47:32 UTC
Someone from the GNOME community who noticed this too:

http://nibblestew.blogspot.com/2017/02/enabling-https-is-easy.html
Comment 2 Paul Menzel 2017-03-01 10:03:16 UTC
(In reply to Paul Wise from comment #1)
> Someone from the GNOME community who noticed this too:
> 
> http://nibblestew.blogspot.com/2017/02/enabling-https-is-easy.html

Also available over https://nibblestew.blogspot.com/2017/02/enabling-https-is-easy.html.
Comment 3 Paul Menzel 2017-03-01 10:05:25 UTC
(In reply to Paul Wise from comment #0)
> Please disable the redirect from https://planet.gnome.org/ (secure) to 
> http://planet.gnome.org/ (insecure). All GNOME resources should be available
> over HTTPS.

I think the problem is, that not all aggregated posts are accessible securely over HTTPS. It would be possible to make secure access to the blog posts a requirement. No idea if that is wanted.
Comment 4 Paul Wise 2017-03-05 05:57:24 UTC
It would indeed be better to upgrade all the feeds to https but I think that the download method that Planet GNOME uses internally is a different issue to how it serves visitors.

The main issue with supporting https will be that various resources in the posts themselves will not be over https.

This issue can't be fixed by switching the feed URLs to https though, since the posts themselves could still contain resources loaded over http.

This issue can be dealt with by just not redirecting http to https on Planet GNOME and letting the few https users experience issues, which they are probably used to.

There is also the much more complicated option of caching all images and other external resources on the Planet GNOME server and rewriting all the links to them in the posts.

Either way, I don't think that should get in the way of allowing folks to use https if they want to, instead of redirecting them to the insecure version.
Comment 5 GNOME Infrastructure Team 2018-09-24 10:52:34 UTC
-- GitLab Migration Automatic Message --

This bug has been migrated to GNOME's GitLab instance and has been closed from further activity.

You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.gnome.org/Infrastructure/Websites/issues/209.