2. Summary
  3. Files
  4. Support
  5. Report Spam
  6. Create account
  7. Log in
 
Idea sandbox Idea sandbox
Popular ideas Popular ideas
Ideas in development Ideas in development
Implemented ideas Implemented ideas
Idea #73: Trac's SSL urls are not friendly to newbies

bug This idea was marked as implemented on 25 November 09.
Written by bharat the 18 Jun 09 at 07:29. Related project: Nothing/Others. Status: Implemented
Rationale
Gallery developers are forced to use https urls for Trac. The natural thing to do is to cut and paste those urls and share them in our forums. We have many users who don't use SourceForge who click those urls and come to Trac, but since they are not logged in, what they see is a blank page and an authentication dialog.

At this point many of them don't even realize they're at SourceForge and so they have no indication what username/password combo is required and as a result they are very confused.

For many of our users, this is their first experience with SourceForge. They bounce right off leaving them with a very poor experience of us, and of SourceForge

36
votes
implemented
Selected solution (#1): Redirect all newbies to the equivalent http url
Written by bharat the 18 Jun 09 at 07:29.
When you arrive on an https url, if you're not authenticated, simply redirect the user to the equivalent non-https url. That will resolve the issue for most of our newbies immediately, and if a developer clicks the url they'll stay in https. Developers who are not logged in will have a slightly more complex experience since they'll have to click the login link instead of just typing in their credentials, but our users heavily outnumber the developers so it's a big win for our project.
-6
votes
implemented
Selected solution (#2): Stop using https urls for Trac
Written by bharat the 18 Jun 09 at 07:30.
This level of security is not warranted for our project. In the past, users could opt in to using an SSL experience, but the new hosted apps force it upon us. Allow projects to choose to disable SSL urls for their hosted apps.


Duplicates


Comments
tfry wrote on the 21 Jun 09 at 20:10
Of course the same applies to mediawiki, and probably most of the other availabled hosted apps as well. So it would be nice to have a generic solution for all hosted apps.

burley (Administrator) wrote on the 25 Nov 09 at 20:10
Greetings,

Today we put into place a generic solve that should account for these issues and others that are related. If a user accesses via HTTPS but without authentication (and doesn't pre-provide authentication) we forward them to the HTTP version of the page if it would load for them and not require auth. If the page requires auth, it'll send the user to a login form page rather than a HTTP basic auth form (however, the apps will still accept HTTP basic auth over HTTPS for automated tools, etc.).

Thank you,

David Burley
Systems Programmer/Analyst, SourceForge.net


Post your comment
Syndicate content

© 2012 Geeknet, Inc.   Terms of Use - Privacy Policy