Redirect HTTP Traffic to HTTPS

[jthomerson]

Following up on #80 would it no be possible to get http redirecting to https? Maybe even adding HSTS headers?

[epicfaace]

@handrews is this possible? Additionally, the description on this repo should have the https link, not http.

[handrews]

@epicfaace IIRC I think it's a github pages limitation? @Relequestual or @Anthropic might know? I've been focused on the spec rather than the website.

[epicfaace]

It's not a limitation (anymore). You need to check the "Enforce HTTPS" checkbox in the Github Pages settings page. If the checkbox is not present, the site is probably using an older version of Github Pages and you may need to disable Github Pages and then re-enable; then the checkbox will show up. https://help.github.com/en/articles/securing-your-github-pages-site-with-https#enforcing-https-for-your-github-pages-site

Let me know if you'd like me to help.

[handrews]

@epicfaace Oh, now I remember- the problem is that the older specs specifically use http://... for the meta-schema URIs. We can't just change that. New drafts will use https://...

I'm pretty sure this is actually a WONTFIX, since we can't selectively enforce it.

[epicfaace]

@epicfaace Oh, now I remember- the problem is that the older specs specifically use http://... for the meta-schema URIs. We can't just change that. New drafts will use https://...

That should be fine -- doing "force HTTPS" on Github pages simply redirects all http:// links to https://

[handrews]

@epicfaace while technically implementations should not automatically retrieve the meta-schemas from the canonical URI, if they do, it should still work and not break by suddenly returning a redirect.

[Relequestual]

I can't see any reason to NOT do this.
"transparently redirect" is what is claimed.

@handrews Older specs specifically use http as opposed to https, true, but given the redirects are seamless... I don't see it as a problem.
Is there still an objection? Where would this potentially cause a problem?

[handrews]

Where would this potentially cause a problem?

I'm sure someone will complain about it but I don't care enough to argue over it.

[philsturgeon]

Redirecting with proper redirects seems fine to me.

[handrews]

@philsturgeon @Relequestual as long as y'all deal with the people who complain it's fine with me.

[Relequestual]

Yup, send them my way.
Same applies for anything you don’t want to deal with =]

[Relequestual]

Done!

[Relequestual]

It looks like this got undone at some point: json-schema-org/community#39
Currently the GitHub UI has disabled the checkbox with a warning.
Investigation needed.

[jviotti]

@Relequestual What is the warning that GitHub shows?

[Relequestual]

Unavailable for your site because your domain is not properly configured to support HTTPS (json-schema.org) — Troubleshooting custom domains

Just requires someone to investigate. If you have the time, feel free!

[jviotti]

According to the docs, some of the DNS records might not be set correctly. I'm not sure what hosting provider is used by JSON Schema, but this is how my personal website (hosted on GitHub Pages) is configured with HTTPS enabled on Namecheap:

[karenetheridge]

https://docs.github.com/en/pages/getting-started-with-github-pages/securing-your-github-pages-site-with-https

[benjagm]

Closed as completed with the new website.