1. Are you ready for the Galaxy S20? Here is everything we know so far!

Android Forums doesn't automatically redirect to HTTPS site

Discussion in 'Suggestion Box & Feedback' started by ajhk, Feb 15, 2021.

  1. ajhk

    ajhk Newbie
    Thread Starter

    Hey. When you type "androidforums.com" into the address bar (in both Firefox and Chrome, haven't tested other browsers), the page does load, but it isn't automatically redirected to the secure https://androidforums.com version of the website. This is a bit of a security/privacy threat. I have to manually type into the address bar https://androidforums.com.
     


    James L likes this.

    1. Download the Forums for Android™ app!


      Download

       
  2. ocnbrze

    ocnbrze DON'T PANIC!!!!!!!!!

    is this on your computer or android device? on my computer it auto directs me to the more secure connection when i just type the androidforums.com.....on chrome
     
    MrJavi, James L and Dannydet like this.
  3. ajhk

    ajhk Newbie
    Thread Starter

    On my computer. Just tried it in Edge too, but the same problem persists.
     
  4. ocnbrze

    ocnbrze DON'T PANIC!!!!!!!!!

    do you have the padlock icon before the web address?
     
    NightAngel79, James L and Dannydet like this.
  5. Dannydet

    Dannydet Extreme Android User

    Never happened for me
     
    James L likes this.
  6. James L

    James L Android Expert

    You could use Brave browser, it has a option to enable an auto redirect from http to https.

    I use brave they pay you to show ads unlike Chrome etc. I convert the bat rewards into Bitcoin lol.
     
    ocnbrze likes this.
  7. ajhk

    ajhk Newbie
    Thread Starter

    I'm content with Firefox. I don't really trust Brave, especially since the affiliate link controversy. It's also based on Chromium and I don't really want to give even more control over the web to Google.

    Only when I manually type "https://" in front. Let me try some more troubleshooting later. Maybe I just need to clear site data and cookies for this particular website.
     
  8. ajhk

    ajhk Newbie
    Thread Starter

    Tried it with all extensions disabled and site data cleared, but still the same behavior.
     
  9. ocnbrze

    ocnbrze DON'T PANIC!!!!!!!!!

    well i'm not sure then. it works on my work computer, home computer, and laptop. are you on your home wifi? at work?
     
    MrJavi and Dannydet like this.
  10. ajhk

    ajhk Newbie
    Thread Starter

    I'm on my home wifi. Could someone else test in a clean browser (i.e. all extensions disabled, signed out of androidforums.com, and all cookies and site data cleared)? Could it be that you are automatically redirected to the HTTPS site because it autocompletes the URL for you from your browsing history? I can't think of a reason why it wouldn't do it for me too in four different web browsers (Firefox, Chrome, Edge and IE).
     
  11. jasonmerc

    jasonmerc Well-Known Member
    Recognized Developer

    I noticed when logging in that there's no HTTPS anymore on the AndroidForums website if you haven't logged in yet. This could pose a risk, as I'm not sure when it transitions to HTTPS during the login phase. If you're sending the username and password for the site BEFORE it switches to HTTPS, then that means our credentials are sent via cleartext

    If the site admins could address this that would be great

    EDIT: looks like my post got put into Android Lounge, I'm not sure why this happened. Sorry about putting it in the wrong place, if a moderator or something wants to correct this please feel free
     
    MrJavi, Unforgiven and Dannydet like this.
  12. Unforgiven

    Unforgiven ...eschew obfuscation...
    Moderator

    I merged you into an existing conversation on this topic.
     
    NightAngel79, MrJavi and jasonmerc like this.
  13. jasonmerc

    jasonmerc Well-Known Member
    Recognized Developer

    Thanks for the merge. I've tested this on multiple devices, multiple browsers, incognito... you name it. Before I sign in, it does not direct me to the HTTPS site. Even when I have the HTTPS Everywhere extension which is supposed to force it, it still doesn't redirect me to HTTPS until I log in
     
  14. Unforgiven

    Unforgiven ...eschew obfuscation...
    Moderator

    That's strange. I just opened an incognito window in Chrome, typed androidforums.com and went straight to the secured site. I tried in Edge and went to the unsecured site.
     
    MrJavi likes this.
  15. jasonmerc

    jasonmerc Well-Known Member
    Recognized Developer

    A solution I found was to get the addon HTTPS Everywhere, and then in its settings enable the "Encrypt All Sites Eligible" so that the icon turns red. This properly forces everything to HTTPS.
     
    Unforgiven likes this.
  16. NightAngel79

    NightAngel79 Bounty Hunter
    Administrator

    @Rob

    Seeing the same behavior.

    @OCN my work machine adds in padlock and slips in https without actually showing me (screenshot below). But if I copy the url with http it loads unsecure.

    Pinging Rob, this is a Owner change.


    upload_2021-3-16_11-5-11.png
     
    Unforgiven likes this.
Loading...

Share This Page

Loading...