Skip to content

Resolves #835 | Redirect to HTTPS#836

Merged
Fraenkiman merged 1 commit intoflatpressblog:masterfrom
Fraenkiman:Resolves-#835-Redirect-to-HTTPS
Mar 5, 2026
Merged

Resolves #835 | Redirect to HTTPS#836
Fraenkiman merged 1 commit intoflatpressblog:masterfrom
Fraenkiman:Resolves-#835-Redirect-to-HTTPS

Conversation

@Fraenkiman
Copy link
Collaborator

@Fraenkiman Fraenkiman commented Mar 5, 2026

Resolves #835 | Redirect to HTTPS

  • A downgrade case (HTTPS→HTTP) is problematic.
    • Once a browser has been on the host via HTTPS and HSTS takes effect (HSTS/CSP typically becomes active with HTTPS), the browser can no longer reliably revert to HTTP. So we discard the idea.
  • Therefore, we only perform an upgrade redirect (HTTP→HTTPS) if general[‘www’] == https://flatpress.org/ and the request is HTTP.
  • Furthermore, we do not put the redirect logic in the PrettyURLs plugin, as it is possible to deactivate the plugin. Therefore, the redirect logic is located in the core.connection.php file.

@Fraenkiman
Resolves flatpressblog#835 | Redirect to HTTPS
f95ca66 
Resolves flatpressblog#835 | Redirect to HTTPS

- A downgrade case (HTTPS→HTTP) is problematic.
    - Once a browser has been on the host via HTTPS and HSTS takes effect (HSTS/CSP typically becomes active with HTTPS), the browser can no longer reliably revert to HTTP. So we discard the idea.
- Therefore, we only perform an upgrade redirect (HTTP→HTTPS) if general[‘www’] == https://flatpress.org/ and the request is HTTP.
- Furthermore, we do not put the redirect logic in the PrettyURLs plugin, as it is possible to deactivate the plugin. Therefore, the redirect logic is located in the core.connection.php file.
@Fraenkiman Fraenkiman merged commit cccbd16 into flatpressblog:master Mar 5, 2026
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Pretty URLs | Umleitung auf das richtige Protokoll (HTTP/ HTTPS)

1 participant

@Fraenkiman