Bug 175685

Summary: HTTPS does not follow visitor among FreeBSD.org sub-domains
Product: Documentation Reporter: John W. O'Brien <john>
Component: Books & ArticlesAssignee: Wolfram Schneider <wosch>
Status: Closed FIXED    
Severity: Affects Only Me CC: wosch
Priority: Normal    
Version: Latest   
Hardware: Any   
OS: Any   

Description John W. O'Brien 2013-01-29 22:20:00 UTC 
Thanks to the new SSL/TLS certificates for HTTPS on www.FreeBSD.org,
wiki.FreeBSD.org, svnweb.FreeBSD.org, and lists.FreeBSD.org (as noted in https://lists.freebsd.org/pipermail/freebsd-announce/2013-January/001452.html), visitors can enjoy improved security therein. However, links from one sub-domain to another, and in some cases within a given site, revert to unsecured HTTP.

In addition to the "How to repeat..." examples below, some other affected links I know of include: mirror selection, security advisories and errata notices, on the home page; "View or search problem reports" from Bug Reports; "browse" link from the mailing lists page, and then from a listinfo page to the associated archives; embedded man page references from all over (e.g. the Handbook); and submitting this very form.

How-To-Repeat: - Browse to https://www.freebsd.org/
- Do one of the following:
-- Use the search tool
-- Navigate using the main menus to Documentation->Manual Pages
-- ... Community->Forums
-- ... Developers->*
-- ... Support->Security Information
-- ... Support->Bug Reports
-- Etc
Comment 1 Remko Lodder freebsd_committer freebsd_triage 2014-02-24 11:48:26 UTC 
Responsible Changed
From-To: freebsd-www->freebsd-doc

redirect to doc, also, should we make links on the htdocs/ frontend 
just mention the /location.file instead of http://www.freebsd.org/ 
so that this behaviour is no longer seen?
Comment 2 Allan Jude 2014-02-24 18:25:42 UTC 
Another method that has become common in recent years is

<a href="//www.freebsd.org/blah/blah">

Which will keep the current protocol, be that HTTP or HTTPS

Although I am not sure how some of the more basic browsers like lynx
might handle that. Google et all use it for including javascript to
avoid 'mixed content'.


-- 
Allan Jude
Comment 3 John W. O'Brien 2017-04-06 23:04:07 UTC 
How can I help move this along?
Comment 4 Wolfram Schneider freebsd_committer freebsd_triage 2017-10-06 13:29:05 UTC 
So far, all the links mentions in this report are using now HTTPS. Lets close it.