Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

HTTP links: avoid 301 redirects to HTTPS #11343

Closed
thomaszbz opened this issue Feb 14, 2017 · 4 comments
Closed

HTTP links: avoid 301 redirects to HTTPS #11343

thomaszbz opened this issue Feb 14, 2017 · 4 comments
Labels
c: Website matomo.org For issues related to our matomo.org website. not-in-changelog For issues or pull requests that should not be included in our release changelog on matomo.org.
Milestone
3.0.2

Comments

@thomaszbz
Copy link

thomaszbz commented Feb 14, 2017
edited

A lot of links are still on http. Many of them get 301-redirected to https. Which is good: The 301-redirect should remain, to not break existing links somewhere in the wild.

But on web pages hosted by piwik, piwik should migrate the links to https, so that users get to the https version without being 301-redirected.

Reason:

  • Security: 301-redirects are requests which are requested and responded via http. Which is unencrypted, and more important, not safe against manipulation and not authenticating the server. E.g. MITM can manipulate the target URL to something phishy.

  • Performance: Reducing the number of 301-redirects which are actually executed every day improves the performance of a web page (saves a round trip for each and every 301 redirect). Performance is not the main point for me, just nice to have.

Now that piwik already 301-redirects most of its http links to https, a link checker can be taken to analyze all these 301-redirects and fix them to https where possible. That should work for all links to https-only web sites (including external links like e.g. links to twitter).

First impression: https://validator.w3.org/checklink?uri=https%3A%2F%2Fpiwik.org&hide_type=all&recursive=on&depth=5&check=Check

This issue is a follow-up to #8236
@mattab
Copy link
Member

mattab commented Feb 21, 2017

Hi @thomaszbz
Thanks for the report. This should just now be fixed. Could you confirm please?

@mattab mattab closed this as completed Feb 21, 2017
@mattab mattab added this to the 3.0.2 milestone Feb 21, 2017
@mattab mattab added c: Website matomo.org For issues related to our matomo.org website. not-in-changelog For issues or pull requests that should not be included in our release changelog on matomo.org. labels Feb 21, 2017
@thomaszbz
Copy link
Author

thomaszbz commented Feb 21, 2017
edited

@mattab According to the W3C link checker, there are still links like

http://developer.piwik.org/ redirected to https://developer.piwik.org/
http://forum.piwik.org/ redirected to https://forum.piwik.org/
http://twitter.com/piwik redirected to https://twitter.com/piwik

@mattab
Copy link
Member

mattab commented Feb 21, 2017

@thomaszbz tried to fix those as well now should be better?

@thomaszbz
Copy link
Author

@mattab Still many links left. Just run the W3C link checker (link in my first comment).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
c: Website matomo.org For issues related to our matomo.org website. not-in-changelog For issues or pull requests that should not be included in our release changelog on matomo.org.
Projects
None yet
Milestone
3.0.2
Development

No branches or pull requests
2 participants
@mattab @thomaszbz