Implemented HTTPS Votes To Pass Google Friendly Links

kapearl

Member
I'm getting more and more https members joining every week. https members can't get through the gateway page w/my default voting method (google friendly links). Luckily there is a workaround but it's still cumbersome.

I've got instructions up all over my site and in the welcome email for any HTTPS bloggers to use to use a special voting link vs the homepage link but it's generally ignored. I would love to see in a future version http and https members be able to all use the google friendly voting link.

The system makes it easy enough to add messages, warnings, alternative banners, etc but I'm surprised how many members never see them and just email that my site is broken.
 

Mark

Administrator
Staff member
https does not pass referrer to http protocol. However, if you install SSL certificate on your VisioList and have your https members link to your https visiolist I *think* referrer tracking should work with Google friendly links. May also need to add this meta tag to your child wrapper

Code:
<meta name="Referrer" content="origin">
if you test it, lmk how it goes... quite curious about this
 

kapearl

Member
So still a difference for links but a definite improvement and easier to explain. Adding it to my to do list!
 

Mark

Administrator
Staff member
well if you install SSL then you could update your list URL to use https, that way all of your members going forward would link to https://

The tricky part is if you put a redirect from http to https to force all traffic to https we might lose the referring domain for those linking to http, but I think we should be able to workaround this.

basically the ideal solution is install SSL, update list URL to https//, then write a script to pass the referrer along (if needed) so old members do not need to change their link code but you would be able to track incoming links to/from both http and https. I'll happily work with you to get this sorted out in the most elegant possible way, VisioList needs complete SSL support.
 

cajkan

Active Member
I've tried to use this, since it's protection all your traffic that you are sending to your users will not be visible via Google Analytics. So your users might think that you don't provide any value or any traffic.
You should be careful when using this.
 

Mark

Administrator
Staff member
I've tried to use this, since it's protection all your traffic that you are sending to your users will not be visible via Google Analytics. So your users might think that you don't provide any value or any traffic.
You should be careful when using this.
interesting point, and very true if the Visiolist list https but the member site is http. If the destination site is also https, I believe analytics will be able to track the referrer traffic as normal.

its a trade off :) with more and more sites going https (and it seems very soon all sites might be https thanks to letsencrypt.org) it will be more and more important to support full https
 

kapearl

Member
I just got an email from Google about login pages getting warnings if they're not HTTPS.

"Beginning in January 2017, Chrome (version 56 and later) will mark pages that collect passwords or credit card details as “Not Secure” unless the pages are served over HTTPS.

The following URLs include input fields for passwords or credit card details that will trigger the new Chrome warning. Review these examples to see where these warnings will appear, and so you can take action to help protect users’ data. The list is not exhaustive."

As of now that's pretty much every Visiolist page for me since I have a login for. So this brings up the https question again. Should I turn off the login box in the template and just use https for the member area?
 

Mark

Administrator
Staff member
I just got an email from Google about login pages getting warnings if they're not HTTPS.

"Beginning in January 2017, Chrome (version 56 and later) will mark pages that collect passwords or credit card details as “Not Secure” unless the pages are served over HTTPS.

The following URLs include input fields for passwords or credit card details that will trigger the new Chrome warning. Review these examples to see where these warnings will appear, and so you can take action to help protect users’ data. The list is not exhaustive."

As of now that's pretty much every Visiolist page for me since I have a login for. So this brings up the https question again. Should I turn off the login box in the template and just use https for the member area?
Interesting, as predicted, the entire web will be SSL very quickly especially with letsencrypt gaining so much momentum. Already my hosting platform now provides free SSL to all shared clients, I'm sure most cPanel hosts will (or already) do the same. This is great news as all sites will have access to SSL sooner than later which makes referrer tracking easier.

To solve the new Chrome warning, you should be able to change the form action on all login forms as follow:

Code:
<form action="{$list_url}"
to
Code:
<form action="https://yourdomain"
I will add a new template tag in the next release: {$secure_list_url} which will provide https for these cases.
 

morrigan

I put the "Cute" in "execute"!
As long as you have the most recent version of cPanel you can provide free HTTPS to all domains on your server. On my Server it's Comodo SSL certificates and it works fabulously.
 

cajkan

Active Member
@morrigan have you tested if HTTPS shows to other websites as referral ?
Example:
Website A (HTTPS) --> Sends traffic --> Website B

Will Website B be able to view referral, I've tested like 1 year ago and it wasnt showing anything
 

morrigan

I put the "Cute" in "execute"!
Sorry I was throwing in my HTTPS stuff but HTTPS -> HTTP referrers are normally lost. That's because the data is no longer encrypted and the unencrypted site can't read the encrypted data (at least my understanding of it).
 

Mark

Administrator
Staff member
Sorry I was throwing in my HTTPS stuff but HTTPS -> HTTP referrers are normally lost. That's because the data is no longer encrypted and the unencrypted site can't read the encrypted data (at least my understanding of it).
correct,
HTTPS -> HTTPS should work fine
HTTP -> HTTP works fine
HTTP -> HTTPS does not
 

xryskom

Member
i m running HTTPS 2 days now...some pages should be changing from http to https to remove that warning on the lock...as far as ica see everything running normal no issues at all...
 
Top