Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] HTTPS links on wordpress blog post have S removed automatically, odd

Seth David Schoen schoen at
Thu May 5 10:11:30 PDT 2011

Frank Corrigan writes:

> I was setting up a 'secure' https contact page at:
> But when I post a link on the above blog page, it is overwritten by
> to remove the S in HTTPS, this is odd.

As an HTTPS Everywhere developer, I can tell you that a lot of sites
do this for some of their URLs.  Sometimes their practices even change
from day to day.  (For example, we had one popular site that worked in
HTTPS last week, but on Monday silently started redirecting all HTTPS
URLs to their HTTP equivalents.)  The "disappearing s" is the result
of the web server sending an HTTP redirect code to the browser, which
the browser then obeys.

The basic reason for these redirections is that site administrators
have a notion of which parts of their site "can" or "should" be
accessed securely.  (For example, some administrators think that
HTTPS is appropriate for login pages and not other pages.)  That
notion can change, or can get articulated more explicitly, and can
start getting enforced by redirects.  There is no general workaround
for the redirects: if a site is configured to refuse to serve you a
page securely, there's no way to force it to do so.

A few site operators simply didn't realize that users were accessing
their sites over HTTPS (!) and are somewhat surprised to get support
requests about it.

Seth Schoen
Senior Staff Technologist                         schoen at
Electronic Frontier Foundation          
454 Shotwell Street, San Francisco, CA  94110     +1 415 436 9333 x107

More information about the liberationtech mailing list