Visiting the iiif.io site over https causes the site not to work #417
Comments
|
Propose to use a Lets Encrypt cert and have both http and https serve the same content directly (rather than redirecting). |
|
Is this approach to help w/ backward compatibility? Why not redirect? Should we create an issue for the 3.x.x APIs to change URIs for the context, etc. to https? |
|
Redirecting out of https to http seems not ideal. But our URIs are all HTTP, for contexts and other identifiers. And lots of redirects will just slow down the site with more requests. Hopefully http2 will be firmly in place by the time we get to 3.x and the http/https distinction will be irrelevant (everything will be +s) |
|
I think for now we should make both http and https work for the whole website, no redirects. At some stage in the future (perhaps 3.x) we should make all URIs https. My sense from reading https://httpwg.github.io/specs/rfc7540.html#discover-http is that this is good even if http/2 has caught on, but perhaps the solution for dealing with http will be upgrade and not redirect? Anyway for now we kick that down the line a bit |
#601. Since breaking changes for auth and search are still allowed, should we make those HTTPS now? |
|
I think it would be good to make all new URIs https... provided they work |
|
I think it would be confusing to have some http and some https ... people would get them round the wrong way. Better to be consistent when there's no technical requirement to be divergent, IMO. |
zimeon
changed the title
|
This is still the case, https://iiif.io/ does not work. Current best practice is to make all websites natively https, with http open just to redirect. |
|
⬆️ |
|
Moved to IIIF/website#11 . Closing |
I get "this webpage is not available" in Chrome.
The text was updated successfully, but these errors were encountered: