813692 - Update all redirects to blog.mozilla.org to https

Status: RESOLVED FIXED

(www.mozilla.org :: General, defect, P4)

Description

[Paul [:pmac] McLanahan]

Currently all of the redirects in .htaccess in the mozilla.com repo are to `http://blog.mozilla.org/...`. This results in an additional redirect to https. We should just update these.

Comment 1

[Paul [:pmac] McLanahan]

Adding trailing slashes would be nice as well.

Comment 2

[Kohei Yoshino]

blog.mozilla.org is (still) accessible both with http and https. And my patch in Bug 798611 intends to replace all http(s) hard links.

Comment 3

[Kohei Yoshino]

Marking WONTFIX for now, per comment 2. Please reopen if appropriate.

Comment 4

[Paul [:pmac] McLanahan]

We should still update the redirects even if we update the hard links. I don't see how blog.m.o being accessible over http is relevant. I agree this isn't a priority, but we should do it at some point.

Comment 5

[raymond [:retornam] (inactive)]

Attachment: first-patch

This changes all the blog links to https://

Comment 6

[Kohei Yoshino]

The original request was avoiding "an additional redirect to https". Some sites like AMO, MDN and MozillaWiki are using https only, so it makes sense to hardcode https.

But blog.m.o is accessible via http. I think forcing https doesn't make sense. Using https for blog.m.o has been requested in Bug 866936 bug the discussion is inactive.

Some blogs have comment forms. The submittion should be secure, of course. That's Bug 866994.

My patch in Bug 798611 intends to redirect to https://blog.mozilla.org/ only if users are on https://www.mozilla.org/ in order to deliver a consistent experience on Mozilla properties. If users are on http://www.mozilla.org/, it's acceptable to redirect to http://blog.mozilla.org/ until Bug 866936 is resolved.

That's why I marked this bug WONTFIX.

Comment 7

[Paul [:pmac] McLanahan]

I just don't agree. We should move toward security whenever possible. www.mozilla.org will go to it as soon as we can, as well the blogs should. I'd like to side on making the user as safe as possible and that means giving them https whenever we can. We'll need to do this whenever the blogs do go to https. When I filed this I'm pretty sure it's because I was redirected to https for some blog page. It's possible I was wrong about that, but I think the work is still worth doing.

Comment 8

[Kohei Yoshino]

You mean Bug 358384 and Bug 796109 will be resolved in the near future? There's no active discussion right now.

Comment 9

[Paul [:pmac] McLanahan]

Comment on attachment 758801 [details] [diff] [review]
first-patch

Review of attachment 758801 [details] [diff] [review]:
-----------------------------------------------------------------

This looks great. Thanks!

Comment 10

[Kohei Yoshino]

Attachment: pull request

Comment 11

[[github robot]]

Commits pushed to master at https://github.com/mozilla/bedrock

https://github.com/mozilla/bedrock/commit/d821e31ac7ed5e5853e55d11abc9acb299e71b5e
Fix Bug 813692 - Update all redirects to blog.mozilla.org to https

https://github.com/mozilla/bedrock/commit/de8db2594901b5dbb0167f167d32561054ec50c9
Merge pull request #4065 from kyoshino/bug-813692-blog-https

Fix Bug 813692 - Update all redirects to blog.mozilla.org to https