Force HTTPS

2 replies [Last post]
Lyberta
Lyberta's picture
User offline. Last seen 2 years 12 weeks ago. Offline
Joined: 2016-09-10
Posts: 177

I've noticed that you use Let's Encrypt but the whole site is available via HTTP and search engines list HTTP version. I've found about HTTPS version by manually typing it. I suggest forcing users to use HTTPS as HTTP is horribly insecure.

Here's the .htaccess for Apache:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

Firework
User offline. Last seen 3 years 49 weeks ago. Offline
Joined: 2013-01-11
Posts: 34

I would also like to see HTTPS used on the Hedgewars web site. Web browsers indicate much more prominently now when a web page is accessed unsecurely with HTTP. When I log into the Hedgewars web site, Firefox shows me this message:

"The connection is not secure. Logins entered here could be compromised."

Wuzzy
Wuzzy's picture
User offline. Last seen 17 weeks 6 hours ago. Offline
Joined: 2012-06-20
Posts: 1271

I agree.

Hi, I am a Hedgewars developer. Smile

Copyright © 2004-2021 Hedgewars Project. All rights reserved. [ contact ]