Zum Inhalt der Seite gehen


@Friendica Developers@Friendica Support

I just noticed some issues with the plink (link to source) and the scheme handling of the plink.

I don't know if it is a wrong configured server setting but when I want to visit an item of @Hypolite on Friendica through "link to source" I will redirected to his page with the scheme http instead of https. With the scheme http I get some 'Access-Control-Allow-Origin' errors and the awesome font icons aren't loaded

My question is, should we really remove the scheme from the plink? Even if its a public post why shouldn't we use a secure transport protocol if it is available?
In this particular case, I believe it's more an issue on my part to not redirect HTTP to HTTPS although I set my Friendica instance to be HTTPS-only. The problem is that you can't guess this setting just from the post you want to see the source from, so we have to assume HTTP, beyond that it's up to the web server configuration to redirect to the secure version if it exists.
The problem is that you can't guess this setting just from the post you want to see the source from
Just for understanding: Why? In the item table the link of the plink column does have the correct scheme.
Then it's different and I'm actually more confused: why is it rewriting the source links to strip https?
I know that it was done for internal links. I don't know why it was done in this case for external links (https://github.com/friendica/friendica/blob/develop/include/text.php#L1535)
We don't know if SSL is available or not. So we really should propagate the correct scheme.
It only removes it when the link is internal - but there is a bug in the function.