@thomaszbz opened this Issue on February 14th 2017

A lot of links are still on http. Many of them get 301-redirected to https. Which is good: The 301-redirect should remain, to not break existing links somewhere in the wild.

But on web pages hosted by piwik, piwik should migrate the links to https, so that users get to the https version without being 301-redirected.

Reason:

  • Security: 301-redirects are requests which are requested and responded via http. Which is unencrypted, and more important, not safe against manipulation and not authenticating the server. E.g. MITM can manipulate the target URL to something phishy.

  • Performance: Reducing the number of 301-redirects which are actually executed every day improves the performance of a web page (saves a round trip for each and every 301 redirect). Performance is not the main point for me, just nice to have.

Now that piwik already 301-redirects most of its http links to https, a link checker can be taken to analyze all these 301-redirects and fix them to https where possible. That should work for all links to https-only web sites (including external links like e.g. links to twitter).

First impression: https://validator.w3.org/checklink?uri=https%3A%2F%2Fpiwik.org&hide_type=all&recursive=on&depth=5&check=Check

This issue is a follow-up to #8236

@mattab commented on February 21st 2017 Owner

Hi @thomaszbz
Thanks for the report. This should just now be fixed. Could you confirm please?

@thomaszbz commented on February 21st 2017

@mattab According to the W3C link checker, there are still links like

http://developer.piwik.org/ redirected to https://developer.piwik.org/
http://forum.piwik.org/ redirected to https://forum.piwik.org/
http://twitter.com/piwik redirected to https://twitter.com/piwik
@mattab commented on February 21st 2017 Owner

@thomaszbz tried to fix those as well now should be better?

@thomaszbz commented on February 21st 2017

@mattab Still many links left. Just run the W3C link checker (link in my first comment).

This Issue was closed on February 21st 2017
Powered by GitHub Issue Mirror