Automatic HTTPS overwrites
12-25-23, 01:30 PM
#1
Mostly harmless ™
Thread Starter
Join Date: Nov 2010
Location: Novi Sad
Posts: 4,430
Bikes: Heavy, with friction shifters
Mentioned: 22 Post(s)
Tagged: 0 Thread(s)
Quoted: 1107 Post(s)
Liked 216 Times
in
130 Posts
Automatic HTTPS overwrites
I don't mind HTTPS default. I even have my browser set to warn of (not block) any non secure sites, so I know and can decide about any potential risks.
My issue is with BF's filter. When posting a link BF offers the option of HTTP or other protocols which may be applicable. However, after the post is up a short while, it automatically changes to HTTPS.
This is unnecessarily frustrating to folks who are left wondering why their link doesn't work anymore, even though they took a moment to test it immediately after posting. This "gotcha" fooled both the Gremlin and I even as we tried various alternate ways to point to the site.
IMO. If you're going to block all HTTP sites, which is fair enough, don't offer the protocol option.
My issue is with BF's filter. When posting a link BF offers the option of HTTP or other protocols which may be applicable. However, after the post is up a short while, it automatically changes to HTTPS.
This is unnecessarily frustrating to folks who are left wondering why their link doesn't work anymore, even though they took a moment to test it immediately after posting. This "gotcha" fooled both the Gremlin and I even as we tried various alternate ways to point to the site.
IMO. If you're going to block all HTTP sites, which is fair enough, don't offer the protocol option.
Generally, in 99 out of 100 cases, automatic https overwrites are a good thing.
People don't include the whole link when copy/pasting is one scenario (so the "https://" part gets omitted).
Or, people posting a http link to a site that supports the https.
For the forum itself, some browsers may show warnings about "mixed content" if there is a non-https link on a page.
Though based on my latest test, today, browsers (for) now seem to be fine with this - no warnings.
That's why, for a forum, that gets user-generated links in great numbers, it makes perfect sense to do the automated https rewrites.
It may be the lesser evil compared to not doing the re-writes.
So, don't know if you agree, the main problem is the link insertion interface - that lets you use and insert http links, but then they get re-written.
I believe it is a bit tricky to edit the forum software to behave differently (forbid non https link insertion for example).
BikeForums is a treasure of cycling-related knowledge, and I would fear to touch anything while it works - colour me conservative.
My "Solomon's" solution is very basic (and I would say, quite silly):
https://bike.bikegremlin.com/bikeforums/
Relja
Last edited by Bike Gremlin; 12-25-23 at 01:39 PM.
12-25-23, 01:49 PM
#2
Senior Member
Join Date: Apr 2009
Location: New Rochelle, NY
Posts: 38,725
Bikes: too many bikes from 1967 10s (5x2)Frejus to a Sumitomo Ti/Chorus aluminum 10s (10x2), plus one non-susp mtn bike I use as my commuter
Mentioned: 140 Post(s)
Tagged: 1 Thread(s)
Quoted: 5792 Post(s)
Liked 2,582 Times
in
1,432 Posts
Hope you'll forgive my long-windedness, but I'm used to looking at problems from all sides (the power of negative thinking LOL ), so here's more drivel (thinking out loud basically):
Generally, in 99 out of 100 cases, automatic https overwrites are a good thing.
People don't include the whole link when copy/pasting is one scenario (so the "https://" part gets omitted).
Or, people posting a http link to a site that supports the https.
For the forum itself, some browsers may show warnings about "mixed content" if there is a non-https link on a page.
Though based on my latest test, today, browsers (for) now seem to be fine with this - no warnings.
That's why, for a forum, that gets user-generated links in great numbers, it makes perfect sense to do the automated https rewrites.
It may be the lesser evil compared to not doing the re-writes.
So, don't know if you agree, the main problem is the link insertion interface - that lets you use and insert http links, but then they get re-written.
I believe it is a bit tricky to edit the forum software to behave differently (forbid non https link insertion for example).
BikeForums is a treasure of cycling-related knowledge, and I would fear to touch anything while it works - colour me conservative.
My "Solomon's" solution is very basic (and I would say, quite silly):
https://bike.bikegremlin.com/bikeforums/
Relja
Generally, in 99 out of 100 cases, automatic https overwrites are a good thing.
People don't include the whole link when copy/pasting is one scenario (so the "https://" part gets omitted).
Or, people posting a http link to a site that supports the https.
For the forum itself, some browsers may show warnings about "mixed content" if there is a non-https link on a page.
Though based on my latest test, today, browsers (for) now seem to be fine with this - no warnings.
That's why, for a forum, that gets user-generated links in great numbers, it makes perfect sense to do the automated https rewrites.
It may be the lesser evil compared to not doing the re-writes.
So, don't know if you agree, the main problem is the link insertion interface - that lets you use and insert http links, but then they get re-written.
I believe it is a bit tricky to edit the forum software to behave differently (forbid non https link insertion for example).
BikeForums is a treasure of cycling-related knowledge, and I would fear to touch anything while it works - colour me conservative.
My "Solomon's" solution is very basic (and I would say, quite silly):
https://bike.bikegremlin.com/bikeforums/
Relja
So, don't offer a choice if you don't intend to accept it.
For my part, I don't like or trust blind hyperlinks and BF is one of the few places I use them.
Folks who email me anything with a link, including birthday cards, eventually learn that they have to send a separate confirming message saying what it is. Even then, it's no assurance I'll trust it
Side note. I have an ongoing "war" with my bank, which periodically sends emails warning about phishing scams. Yet they also send me emails with links. IMO they're subliminally grooming their clients to be phished.
Last edited by FBinNY; 12-25-23 at 01:56 PM.
Likes For FBinNY:
12-25-23, 01:52 PM
#3
Mostly harmless ™
Thread Starter
Join Date: Nov 2010
Location: Novi Sad
Posts: 4,430
Bikes: Heavy, with friction shifters
Mentioned: 22 Post(s)
Tagged: 0 Thread(s)
Quoted: 1107 Post(s)
Liked 216 Times
in
130 Posts
Actually, my issue is much simpler. the link module has a drop down menu which includes an HTTP option.
So, don't offer a choice if you don't intend to accept it.
For my part, I don't like or trust blind hyperlinks and BF is one of the few places I use them.
Folks who email me anything with a link, including birthday cards, eventually learn that they have to send a separate confirming message saying what it is.
So, don't offer a choice if you don't intend to accept it.
For my part, I don't like or trust blind hyperlinks and BF is one of the few places I use them.
Folks who email me anything with a link, including birthday cards, eventually learn that they have to send a separate confirming message saying what it is.
I'm just not sure if that's an easy thing to change in the forum's software (forbid the http option and add a warning if a non-https link gets copy/pasted).
Relja
12-25-23, 02:02 PM
#4
Senior Member
Join Date: Apr 2009
Location: New Rochelle, NY
Posts: 38,725
Bikes: too many bikes from 1967 10s (5x2)Frejus to a Sumitomo Ti/Chorus aluminum 10s (10x2), plus one non-susp mtn bike I use as my commuter
Mentioned: 140 Post(s)
Tagged: 1 Thread(s)
Quoted: 5792 Post(s)
Liked 2,582 Times
in
1,432 Posts
Though it was frustrating, and will continue to be because there's lots of good info I might want to link to on vintage sites, it's a very minor issue.
The real frustration for both of us was from not knowing, and struggling to figure out what we were doing wrong.
That's behind me and now knowing, I'll simply find alternate solutions.
The real frustration for both of us was from not knowing, and struggling to figure out what we were doing wrong.
That's behind me and now knowing, I'll simply find alternate solutions.
__________________
FB
Chain-L site
An ounce of diagnosis is worth a pound of cure.
Just because I'm tired of arguing, doesn't mean you're right.
“One accurate measurement is worth a thousand expert opinions” - Adm Grace Murray Hopper - USN
WARNING, I'm from New York. Thin skinned people should maintain safe distance.
FB
Chain-L site
An ounce of diagnosis is worth a pound of cure.
Just because I'm tired of arguing, doesn't mean you're right.
“One accurate measurement is worth a thousand expert opinions” - Adm Grace Murray Hopper - USN
WARNING, I'm from New York. Thin skinned people should maintain safe distance.
Likes For FBinNY:
12-26-23, 05:39 PM
#5
Administrator
Join Date: Sep 2015
Posts: 437
Mentioned: 29 Post(s)
Tagged: 0 Thread(s)
Quoted: 223 Post(s)
Liked 224 Times
in
146 Posts
Though it was frustrating, and will continue to be because there's lots of good info I might want to link to on vintage sites, it's a very minor issue.
The real frustration for both of us was from not knowing, and struggling to figure out what we were doing wrong.
That's behind me and now knowing, I'll simply find alternate solutions.
The real frustration for both of us was from not knowing, and struggling to figure out what we were doing wrong.
That's behind me and now knowing, I'll simply find alternate solutions.
