What on earth are people trying to solve here? I really don't get it.tepples wrote:I've added a private custom profile field "Redirect to HTTPS" of type Boolean. How easy would it be to wire up automatic redirection if and only if this is checked?
If the problem is with all the sites being forcably redirected from HTTP to HTTPS, then yes, I maintain that was a very bad choice (yes I was aware of it after the server upgrade, but obviously did not test everything -- I figured it was done for the forum and only the forum); I get the impression that was being done in nginx. There are an extremely large number of caveats/problems created by HTTP-to-HTTPS redirection, many of which aren't noticed until after-the-fact (these threads are proof).
"Migrating" from HTTP to HTTPS is something that can happen on a per-site basis, but as I've stated in the past, I disagree heavily with the "HTTPS everywhere" mentality.
The sites should've remained as they were originally -- HTTP -- and HTTPS added later so that it could be tested (and quirks/kinks/changes be worked out in advance for a full migration if needed/wanted).
What exactly are we trying to solve with moving all the sites to HTTPS? Are people *that* concerned about their forum and wiki credentials being compromised by mysterious intermediary forces? Because I'm completely sure that shady ISPs and compromised backbone providers are collecting all the L/Ps as to destroy everything related to nesdev. *blinks repeatedly*