Fabian Näf 10 Report post Posted July 22, 2017 Hi I configured "Force the use of an SSL Certificate (HTTPS) - the Web Tier will redirect to HTTPS, and the API will return a 403 Forbidden message if HTTPS is not used" to Yes under System Settings - Miscellaneous. Under "Specify the Base URL for your site" I specified my site like "https://passwordstate.****.com". When I access "http://passwordstate.****.com" with Internet Explorer, I get an 403 Error, with Firefox and Edge I get a page with the text "You do not have permission to view this directory or page.". When I access "http://passwordstate.****.com" with Chrome I get redirected to "https://passwordstate.****.com" (as it should). Best regards, Fabian Quote Share this post Link to post Share on other sites
support 202 Report post Posted July 22, 2017 Hi Fabian, Thanks for reporting this, and all browsers should see a 403 Forbidden message - there should be no redirection with the API. This 403 message should be returned from the server, so it's very odd that Chrome is behaving differently - it should be browser agnostic. We'll do some testing and see what we can find. Regards Click Studios Quote Share this post Link to post Share on other sites
Fabian Näf 10 Report post Posted July 23, 2017 Hi As I understand this setting, when I use HTTP, I should be redirected if I use a browser (Web Tier?) and I should get a 403-Error, if I use the API. Did I understand that wrong? Best regards, Fabian Quote Share this post Link to post Share on other sites
support 202 Report post Posted July 23, 2017 Hi Fabian, Maybe I misunderstood your original post, as I saw the 403 error and thought you were using the API. The API should return a 403 with no redirection, but just accessing the web site should redirect from http to https - it should not return a 403 forbidden message. Again we'll do some testing to see if there is some inconsistency here, but like I mentioned, the redirection and 403 messages are sent from the web server itself, so each browser should behave the same. Regards Click Studios Quote Share this post Link to post Share on other sites
Fabian Näf 10 Report post Posted August 28, 2017 (edited) Hi I just wannted to ask, if you got some news about this issue? Best regards, Fabian Edit: Propably I need to mention, that I have Windows Authentication enabled, if this matters... Edited August 29, 2017 by Fabian Näf Quote Share this post Link to post Share on other sites
support 202 Report post Posted August 29, 2017 Hi Fabian, Sorry for the delay in getting back to you on this. I've just tested in Chrome, Firefox, Internet Explorer and Edge, and each browser redirects from HTTP to HTTPS correctly. With a call to the API, I receive the error below which is what we would expect to see if you are not using HTTPS. So we cannot seem to reproduce the issue you are seeing. Can you try enabling 'Anonymous' authentication for your site temporarily, and see if this makes any difference for you - it shouldn't, as I tested with Windows Authentication only enabled? Do you use internal proxy servers at all? Regards Click Studios Quote Share this post Link to post Share on other sites
