Page 1 of 1
Can you make sure the website always forces https/ssl?
Posted: 01 May 2020 21:52
by lwc
Both
http://videolan.org and
http://www.videolan.org don't redirect to https.
The former just adds www and the latter doesn't do any redirection.
As result, anyone that uses them (manually or through outdated external links, e-mail, instant messaging, etc.) browses the website in a non secure way.
Can please you fix this?
Re: Can you make sure the website always forces https/ssl?
Posted: 19 Jun 2020 17:47
by Jean-Baptiste Kempf
Sorry, but no.
Re: Can you make sure the website always forces https/ssl?
Posted: 17 Jul 2020 12:29
by lwc
Sorry, but no.
What do you mean, why not? Moral issues aside, it might also be illegal in Europe due to GDPR.
Re: Can you make sure the website always forces https/ssl?
Posted: 19 Jul 2020 18:27
by Jean-Baptiste Kempf
Sorry, but no.
What do you mean, why not? Moral issues aside, it might also be illegal in Europe due to GDPR.
Because that would break old clients, who cannot read HTTPS.
As for GDPR, seeing that we hold or collect no information on users, I doubt it applies.
Re: Can you make sure the website always forces https/ssl?
Posted: 21 Jul 2020 09:20
by lwc
Well, the very notion of using cookies and registering users might constitute holding information.
Plus there are the moral issues - the sacrifice of privacy to please old clients.
And you also gradually risk getting hurt or blocked in search engines and browsers.
Re: Can you make sure the website always forces https/ssl?
Posted: 21 Jul 2020 18:05
by Jean-Baptiste Kempf
Well, the very notion of using cookies and registering users might constitute holding information.
Plus there are the moral issues - the sacrifice of privacy to please old clients.
And you also gradually risk getting hurt or blocked in search engines and browsers.
No, search engines and normal users go directly to the HTTPS version.
Also, we don't register users.
Re: Can you make sure the website always forces https/ssl?
Posted: 21 Jul 2020 22:55
by lwc
Also, we don't register users.
I meant you let users register themselves, filling in passwords, etc.
Re: Can you make sure the website always forces https/ssl?
Posted: 28 Jul 2020 10:10
by Jean-Baptiste Kempf
Also, we don't register users.
I meant you let users register themselves, filling in passwords, etc.
No we don't. Forum and Wiki and Gitlab are the only places where you can register an account, and those have HTTPS rules since a long time. Only the main site does not.
Re: Can you make sure the website always forces https/ssl?
Posted: 07 Feb 2021 23:36
by lwc
I have a more minor request - https://www.videolan.org/vlc/download-windows.html contains a link called "our archives".
It links to https://download.videolan.org/pub/videolan/vlc - the problem is it then does a second redirect to http://download.videolan.org/pub/videolan/vlc/ (instead of https://download.videolan.org/pub/videolan/vlc/).
Since the original link is https can you make sure it keeps linking to https?
It's a really simple fix - just make "our archives" link to https://download.videolan.org/pub/videolan/vlc/ with a slash at the end, that's it. The missing slash is what causes this issue.