Https-everywhere: heise.de is completely accessible via HTTPS

Created on 22 Sep 2016 · 6Comments · Source: EFForg/https-everywhere

There shouldn't be any part of heise.de, that is not fully encrypted. Opening http://heise.de/ automatically redirects to https://www.heise.de/

I tried some of the stuff listed as problematic and couldn't find any issue any longer.

Please change the rules accordingly.

ruleset-enhancement

Source

TheRealCuran

Most helpful comment

Now there is an official announcement: https://www.heise.de/newsticker/meldung/Verschluesselung-heise-online-und-Heise-Onlinedienste-per-HTTPS-erreichbar-3331421.html

The problems mentioned above still persist. I notified the guys at heise.de

e-dschungel on 26 Sep 2016

👍4

All 6 comments

I am already working on it in #6963 .
The "completely" part is not true yet, you still get mixed content warnings and some domains
do not work with TLS or have incomplete chains.
It also doesn't always redirect to HTTPS and it is not yet officially announced, so handle with care.

numismatika on 22 Sep 2016

The "completely" part is not true yet, you still get mixed content warnings and some domains
do not work with TLS or have incomplete chains.

Where do you see mixed content? I really haven't seen any in a couple of days. Though I might have just been lucky. The TLS chains part I have not tested beyond heise.de (mostly the www.heise.de part).

TheRealCuran on 22 Sep 2016

i get mixed content warnings on https://www.heise.de/foto/ for example.
https://tarifrechner.heise.de/ is serving an incomplete chain.

numismatika on 22 Sep 2016

i get mixed content warnings on https://www.heise.de/foto/ for example.

Ah yes, that looks like something that should be fixed before a public announcement. ;-) (And looks a lot like it's just a minor oversight somewhere, because it only seems to affect one class of URLs, those starting with http://www.heise.de/scale/ and for which the HTTPS version works as well, if you open that manually.