|
|
|
|
|
|
by ozfive
2915 days ago
|
|
|
I can, because I just converted a site to https, which had a combination of relative and absolute href and src parameters on it in a confused manner. This was combined with html embedded in table records. It wasn't a simple search and replace task since several admin functionalities were also included in the site. Think about all of the sites that have relevant information that aren't selling anything that would love to get things like this fixed, but just can't throw money at the problem. Before you say oh it shouldn't cost that much. Think about where some of these sites are hosted and for how little. Some people don't even have the means to pay for such a fix, but they have important information to share. This probably should have been a rule applied to sites that sell things and not sites that just have information. I am all for making money, but I also feel like doing some charity work for this problem as well. I heard the deadline is the 24th. Anyone else interested in doing this collectively for a couple sites? |
|
|
Just add an upgrade-insecure-requests header to your webserver config, boom. No search and replacing needed.
https://www.w3.org/TR/upgrade-insecure-requests/
It's been added for exactly your usecase:
> Most notably, mixed content checking [MIX] has the potential to cause real headache for administrators tasked with moving substantial amounts of legacy content onto HTTPS. In particular, going through old content and rewriting resource URLs manually is a huge undertaking.
I mean, uh sure, I'll volunteer to move your sites to https, but I don't think giving a random dude on the internet root access to fix the webserver config is a good idea ;-)