backdrop-issues icon indicating copy to clipboard operation
backdrop-issues copied to clipboard
verified publisher icon backdrop

Link Module adding http and should be updated to https

Open albanycomputers opened this issue 1 year ago • 4 comments

Description of the bug/not really a bug, just outdated feature

Link Module adding http and should be updated to https

A short description of what the problem is. When adding the link to the View... is displays with http:// not https://

Steps To Reproduce

Add the "link" field to a content type. Add content to the content type and in the link do not include the protocol... i.e. https:// just the www........ image

Create a View using the content type Add the Link field to the view Change the field type to URL, as link When the View is displayed... image

Actual behavior

The protocol is automatically added to the URL... http:// is added this should be updated to https://

Expected behavior

As above

Additional information

link.module in core

Line 1054 Function

function link_cleanup_url($url, $protocol = 'http') {

image

The description links could also be updated... image

albanycomputers avatar Jul 09 '24 14:07 albanycomputers

I'm not sure if I agree with the suggestion. Even if https is quite common nowadays, we can't assume every site runs this way. So my question is, what is better: Point with http to sites running on https, or vice versa: point with https to sites running on http.

I'm not an expert, but I guess the latter would cause more common issues, as some browsers refuse to serve a http only site when you asked for a https URL. In contrast, the first case doesn't raise such problems: At least you reach the site, be it with http, or even with https, because many sites are configured to redirect you to the secure protocol.

olafgrabienski avatar Jul 09 '24 18:07 olafgrabienski

It is not even necessary to use the protocol for HTTP links: It is sufficient to use links without protocol.
A link like //en.wikipedia.org/wiki/Backdrop_CMS, on a site using https:// will point to https://en.wikipedia.org/wiki/Backdrop_CMS, but on a site using http:// it will point to http://en.wikipedia.org/wiki/Backdrop_CMS.

avpaderno avatar Jul 09 '24 19:07 avpaderno

Coming here from the Zulip thread ...like @olafgrabienski I have reservations about this change. I had a similar case at my day job, where the default for something in the infrastructure was http. I raised an internal ticket to fix this, and the reply was that it was by design: people that saw that warnings on their browsers can switch from http to https (manually), and there can also be automated redirects in place from http to https. The opposite though would be problematic if no SSL cert was in place - and that part of the infrastructure would need to work even before customers uploaded an SSL cert to their dashboard, which can be a thing during pre-launch phase of their website build or transfer for example, or even SSL cert expired before they got the chance to upload an new valid one.

I'd like to figure out a way to make this optional instead of hard-coded (a setting in the view perhaps if this only affects Views), or "smart" if possible. Something like perhaps detecting what protocol is currently in use, and then try to match that in this use case as well.

klonos avatar Jul 10 '24 09:07 klonos

Is there any way to make this optional instead of hard-coded?

Such decision can be done by checking global SERVER_PROTOCOL.

findlabnet avatar Jul 10 '24 09:07 findlabnet