Hey. When you type "androidforums.com" into the address bar (in both Firefox and Chrome, haven't tested other browsers), the page does load, but it isn't automatically redirected to the secure https://androidforums.com version of the website. This is a bit of a security/privacy threat. I have to manually type into the address bar https://androidforums.com.
Android Forums doesn't automatically redirect to HTTPS site
- Thread starter ajhk
- Start date
is this on your computer or android device? on my computer it auto directs me to the more secure connection when i just type the androidforums.com.....on chrome
do you have the padlock icon before the web address?
I'm content with Firefox. I don't really trust Brave, especially since the affiliate link controversy. It's also based on Chromium and I don't really want to give even more control over the web to Google.
Only when I manually type "https://" in front. Let me try some more troubleshooting later. Maybe I just need to clear site data and cookies for this particular website.
well i'm not sure then. it works on my work computer, home computer, and laptop. are you on your home wifi? at work?
I'm on my home wifi. Could someone else test in a clean browser (i.e. all extensions disabled, signed out of androidforums.com, and all cookies and site data cleared)? Could it be that you are automatically redirected to the HTTPS site because it autocompletes the URL for you from your browsing history? I can't think of a reason why it wouldn't do it for me too in four different web browsers (Firefox, Chrome, Edge and IE).
D
Deleted User
Guest
I noticed when logging in that there's no HTTPS anymore on the AndroidForums website if you haven't logged in yet. This could pose a risk, as I'm not sure when it transitions to HTTPS during the login phase. If you're sending the username and password for the site BEFORE it switches to HTTPS, then that means our credentials are sent via cleartext
If the site admins could address this that would be great
EDIT: looks like my post got put into Android Lounge, I'm not sure why this happened. Sorry about putting it in the wrong place, if a moderator or something wants to correct this please feel free
If the site admins could address this that would be great
EDIT: looks like my post got put into Android Lounge, I'm not sure why this happened. Sorry about putting it in the wrong place, if a moderator or something wants to correct this please feel free
I merged you into an existing conversation on this topic.
D
Deleted User
Guest
Thanks for the merge. I've tested this on multiple devices, multiple browsers, incognito... you name it. Before I sign in, it does not direct me to the HTTPS site. Even when I have the HTTPS Everywhere extension which is supposed to force it, it still doesn't redirect me to HTTPS until I log in
That's strange. I just opened an incognito window in Chrome, typed androidforums.com and went straight to the secured site. I tried in Edge and went to the unsecured site.
D
Deleted User
Guest
A solution I found was to get the addon HTTPS Everywhere, and then in its settings enable the "Encrypt All Sites Eligible" so that the icon turns red. This properly forces everything to HTTPS.
@Rob
Seeing the same behavior.
@OCN my work machine adds in padlock and slips in https without actually showing me (screenshot below). But if I copy the url with http it loads unsecure.
Pinging Rob, this is a Owner change.
Seeing the same behavior.
@OCN my work machine adds in padlock and slips in https without actually showing me (screenshot below). But if I copy the url with http it loads unsecure.
Pinging Rob, this is a Owner change.
