Redirect to HTTPS not working

[Fabian Näf 0]

Hi

 

I configured "Force the use of an SSL Certificate (HTTPS) - the Web Tier will redirect to HTTPS, and the API will return a 403 Forbidden message if HTTPS is not used" to Yes under System Settings - Miscellaneous. Under "Specify the Base URL for your site" I specified my site like "https://passwordstate.****.com".

 

When I access "http://passwordstate.****.com" with Internet Explorer, I get an 403 Error, with Firefox and Edge I get a page with the text "You do not have permission to view this directory or page.".

When I access "http://passwordstate.****.com" with Chrome I get redirected to "https://passwordstate.****.com" (as it should).

 

Best regards,

 

Fabian

[support 45]

Hi Fabian,

 

Thanks for reporting this, and all browsers should see a 403 Forbidden message - there should be no redirection with the API. This 403 message should be returned from the server, so it's very odd that Chrome is behaving differently - it should be browser agnostic.

We'll do some testing and see what we can find.

Regards

Click Studios

[Fabian Näf 0]

Hi 

 

As I understand this setting, when I use HTTP, I should be redirected if I use a browser (Web Tier?) and I should get a 403-Error, if I use the API.

Did I understand that wrong?

 

Best regards,

 

Fabian

[support 45]

Hi Fabian,

 

Maybe I misunderstood your original post, as I say the 40 error and thought you were using the API.

 

The API should return a 403 with no redirection, but just accessing the web site should redirect from http to https - it should not return a 403 forbidden message.

Again we'll do some testing to see if there is some inconsistency here, but like I mentioned, the redirection and 403 messages are sent from the web server itself, so each browser should behave the same.

Regards

Click Studios