ForumsQuestionsForums: Please for HTTPS

Forums: Please for HTTPS

Author	Message
The Dave	Posted: Jul 21, 2017 Score: 1 Reference The Dave Posted: Jul 21, 2017 Score: 1 Reference Could you please force the forums to use HTTPS when I am signed into an account with the same restriction? I am already signed in to Toodledo, and I require HTTPS for all actions. When I visit toodledo.com/forums, I'm taken to the HTTP version. Worse, when I click the link in "You must be signed In", I am redirected to http://www.toodledo.com/signin.php?redirect=/forums/index.php which is now asking for my credentials over HTTP. It would be ideal if the forums could either detect that I'm logged in to the HTTPS site, or at least have the "sign in" link take me to an HTTPS link (and oddly, if I change the signin link to HTTPS, it detects I am logged in and returns me to the HTTPS version of the forums). Another option, although you'll want to consider this careful: When a user has the "Encryption: Yes" on their account, have all requests return a HSTS header, such that my browser will always automatically redirect me to the HTTPS version of Toodledo, your servers will never even see a HTTP request. (Why don't I just use HTTPS myself? Well I could, but I didn't recall the URL of the forums and when I found it in my search engine, I ended up in the HTTP version, and since it wanted me to provide credentials over an unencrypted link, 1) My browser warned that this is insecure. It is. 2) My password manager refused to proceed because the credentials were saved from HTTPS, and it won't reveal HTTPS credentials over HTTP). Thanks for your time, and I hope that this is posted in an acceptable location, I didn't see a forum-specific forum.
Jake Toodledo Founder	Posted: Jul 21, 2017 Score: 0 Reference Jake (Founder) Posted: Jul 21, 2017 Score: 0 Reference This shouldnt be happening. I just clicked on the forums link in the account menu and it took me here with encryption still turned on. How are you navigating to the forums?

Author

Message

The Dave

Posted: Jul 21, 2017

Score: 1 Reference

The Dave
Posted: Jul 21, 2017
Score: 1
Reference

Could you please force the forums to use HTTPS when I am signed into an account with the same restriction?

I am already signed in to Toodledo, and I require HTTPS for all actions. When I visit toodledo.com/forums, I'm taken to the HTTP version. Worse, when I click the link in "You must be signed In", I am redirected to http://www.toodledo.com/signin.php?redirect=/forums/index.php which is now asking for my credentials over HTTP.

It would be ideal if the forums could either detect that I'm logged in to the HTTPS site, or at least have the "sign in" link take me to an HTTPS link (and oddly, if I change the signin link to HTTPS, it detects I am logged in and returns me to the HTTPS version of the forums).

Another option, although you'll want to consider this careful: When a user has the "Encryption: Yes" on their account, have all requests return a HSTS header, such that my browser will always automatically redirect me to the HTTPS version of Toodledo, your servers will never even see a HTTP request.

(Why don't I just use HTTPS myself? Well I could, but I didn't recall the URL of the forums and when I found it in my search engine, I ended up in the HTTP version, and since it wanted me to provide credentials over an unencrypted link, 1) My browser warned that this is insecure. It is. 2) My password manager refused to proceed because the credentials were saved from HTTPS, and it won't reveal HTTPS credentials over HTTP).

Thanks for your time, and I hope that this is posted in an acceptable location, I didn't see a forum-specific forum.

Jake

Toodledo Founder

Posted: Jul 21, 2017

Score: 0 Reference

Jake (Founder)
Posted: Jul 21, 2017
Score: 0
Reference

This shouldnt be happening. I just clicked on the forums link in the account menu and it took me here with encryption still turned on. How are you navigating to the forums?

You cannot reply yet

U Back to topic home

R Post a reply

To participate in these forums, you must be signed in.