Force HTTPS

2 replies [Last post]
Lyberta
Lyberta's picture
User offline. Last seen 1 year 13 weeks ago. Offline
Joined: 2016-09-10
Posts: 177

I've noticed that you use Let's Encrypt but the whole site is available via HTTP and search engines list HTTP version. I've found about HTTPS version by manually typing it. I suggest forcing users to use HTTPS as HTTP is horribly insecure.

Here's the .htaccess for Apache:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

Firework
User offline. Last seen 1 year 32 weeks ago. Offline
Joined: 2013-01-11
Posts: 34

I would also like to see HTTPS used on the Hedgewars web site. Web browsers indicate much more prominently now when a web page is accessed unsecurely with HTTP. When I log into the Hedgewars web site, Firefox shows me this message:

"The connection is not secure. Logins entered here could be compromised."

Wuzzy
Wuzzy's picture
User offline. Last seen 11 hours 3 min ago. Offline
Joined: 2012-06-20
Posts: 1190

I agree.

Hi, I am a Hedgewars developer. Smile I accept personal donations in bitcoin. Heart 17fsUywHxeMHKG41UFfu34F1rAxZcrVoqH

Copyright © 2004-2017 Hedgewars Project. All rights reserved. [ contact ]