# Http support?



## nocash123 (Feb 20, 2018)

Just noticed that http is no longer working, and gbatemp is now enforcing https - is that wanted, or did it happen by mistake?
Https has it's advantages, but personally, I would prefer to be kept allowed to use http as well.


----------



## Seriel (Feb 20, 2018)

The site started forcing https about 8 hours ago.
See here: https://gbatemp.net/threads/why-isnt-gbatemp-using-ssl.494651/#post-7842696


----------



## Scarlet (Feb 20, 2018)

nocash123 said:


> Just noticed that http is no longer working, and gbatemp is now enforcing https - is that wanted, or did it happen by mistake?
> Https has it's advantages, but personally, I would prefer to be kept allowed to use http as well.


Read the latter posts of this: https://gbatemp.net/threads/why-isnt-gbatemp-using-ssl.494651/

You should be able to use HTTP if you use a HTTP link to a non-portal page iirc


----------



## Seriel (Feb 20, 2018)

Scarlet said:


> Read the latter posts of this: https://gbatemp.net/threads/why-isnt-gbatemp-using-ssl.494651/
> 
> You should be able to use HTTP if you use a HTTP link to a non-portal page iirc


Nope, it's forced for everyone except Chinese visitors (As far as I can see and according to the post I linked)


----------



## Scarlet (Feb 20, 2018)

Seriel said:


> Nope, it's forced for everyone except Chinese visitors (As far as I can see and according to the post I linked)


Oh I thought Costello said it'd be too taxing to do it on every page. I just tried reloading this page on HTTP and got an unprotected connection according to Vivaldi, so I assume it didn't redirect?


----------



## Seriel (Feb 20, 2018)

Scarlet said:


> Oh I thought Costello said it'd be too taxing to do it on every page. I just tried reloading this page on HTTP and got an unprotected connection according to Vivaldi, so I assume it didn't redirect?


Oh that's weird, when I try to change this page to HTTP it just redirects to HTTPS. (using Firefox)


----------



## Scarlet (Feb 20, 2018)

Seriel said:


> Oh that's weird, when I try to change this page to HTTP it just redirects to HTTPS. (using Firefox)


Actually, now I look at it, it seems every thread puts me on an unprotected connection? Portal and forum lists are all protected. That's pretty strange.


----------



## Seriel (Feb 20, 2018)

Scarlet said:


> Actually, now I look at it, it seems every thread puts me on an unprotected connection? Portal and forum lists are all protected. That's pretty strange.


Firefox shows this, maybe its something to do with that:


----------



## Scarlet (Feb 20, 2018)

Seriel said:


> Firefox shows this, maybe its something to do with that:


That's probably it and I'm just being stupid. My apologies <3


----------



## Minox (Feb 21, 2018)

Scarlet said:


> That's probably it and I'm just being stupid. My apologies <3


That stems from having certain content like images being hosted offsite on http connections. Users linking to their own images in a topic would have that effect.


----------



## Costello (Feb 21, 2018)

can you specify why in particular you would want HTTP support ?
it should be possible to enable HTTP access for people who specifically need it, say, by setting up a cookie manually.
but if I'm going to do that, I'll need a valid reason... I dont like wasting my time


----------



## FAST6191 (Feb 21, 2018)

China is not the only country or business that screws with or otherwise dislikes SSL (some of the countries in Africa, the middle east and Asia that have some less than pleasant leadership), it is not quite as bad as losing China but some of those places do a fair line in the handhelds and members. Some devices which might still view/parse the forums fine don't support the Let's Encrypt CA or the PKCS #1 SHA-256 with RSA Encryption algo used (granted it was 2012 that such things hit so the excuses are fewer and fewer).

The old method of available for the peeps that want it and those that really care get to use https://www.eff.org/https-everywhere was pretty workable for those in the scenarios above. On the other hand I can see taking a stand here.


----------



## Costello (Feb 22, 2018)

FAST6191 said:


> China is not the only country or business that screws with or otherwise dislikes SSL (some of the countries in Africa, the middle east and Asia that have some less than pleasant leadership), it is not quite as bad as losing China but some of those places do a fair line in the handhelds and members. Some devices which might still view/parse the forums fine don't support the Let's Encrypt CA or the PKCS #1 SHA-256 with RSA Encryption algo used (granted it was 2012 that such things hit so the excuses are fewer and fewer).
> 
> The old method of available for the peeps that want it and those that really care get to use https://www.eff.org/https-everywhere was pretty workable for those in the scenarios above. On the other hand I can see taking a stand here.



China is special though because their "great firewall" blocks the majority of popular western society sites such as facebook, twitter, and whatnot, for the primary (yet unavowed) purpose of supporting the local economy. So all these websites have local equivalents that are hugely popular within the mainland. As a result, the vast majority of chinese people don't need to bypass the great firewall, they have all they want within the chinese internet.

In other countries though, when people face such limitations and dont have local alternatives, they will be more likely to resort to VPNs and proxies. In which case they'd be able to access our site normally. I don't know if you follow my logic.


----------



## ShadowOne333 (Feb 22, 2018)

HTTP might be usable for devices that dont fully support enforced https or letsencrypt.

The Wii U is one of those.
I used to browse the temp through the Wii U's browser (latest firmware version) through http://gbatemp.net
Now when I try that, it automatically redirects to HTTPS instead, giving me a 112-1035 error each time and making it impossible to browse the site from said device.


----------



## Costello (Feb 24, 2018)

ShadowOne333 said:


> HTTP might be usable for devices that dont fully support enforced https or letsencrypt.
> 
> The Wii U is one of those.
> I used to browse the temp through the Wii U's browser (latest firmware version) through http://gbatemp.net
> Now when I try that, it automatically redirects to HTTPS instead, giving me a 112-1035 error each time and making it impossible to browse the site from said device.


in case anyone else reads this message - I have already replied to it on another thread and added an exception for Nintendo browsers.

If anyone else has issues please let me know and provide as many details as you can.


----------



## ShadowOne333 (Feb 24, 2018)

Costello said:


> in case anyone else reads this message - I have already replied to it on another thread and added an exception for Nintendo browsers.
> 
> If anyone else has issues please let me know and provide as many details as you can.


It's working wonderfully! Writing this from my Wii U as well.
Thanks again!


----------



## nocash123 (Feb 28, 2018)

Costello said:


> can you specify why in particular you would want HTTP support ?
> it should be possible to enable HTTP access for people who specifically need it, say, by setting up a cookie manually.
> but if I'm going to do that, I'll need a valid reason... I dont like wasting my time


I cant access the https forum except by using some tablet without keyboard.


----------

