Fabian Näf Posted July 22, 2017 Share Posted July 22, 2017 Hi I configured "Force the use of an SSL Certificate (HTTPS) - the Web Tier will redirect to HTTPS, and the API will return a 403 Forbidden message if HTTPS is not used" to Yes under System Settings - Miscellaneous. Under "Specify the Base URL for your site" I specified my site like "https://passwordstate.****.com". When I access "http://passwordstate.****.com" with Internet Explorer, I get an 403 Error, with Firefox and Edge I get a page with the text "You do not have permission to view this directory or page.". When I access "http://passwordstate.****.com" with Chrome I get redirected to "https://passwordstate.****.com" (as it should). Best regards, Fabian Link to comment Share on other sites More sharing options...
support Posted July 22, 2017 Share Posted July 22, 2017 Hi Fabian, Thanks for reporting this, and all browsers should see a 403 Forbidden message - there should be no redirection with the API. This 403 message should be returned from the server, so it's very odd that Chrome is behaving differently - it should be browser agnostic. We'll do some testing and see what we can find. Regards Click Studios Link to comment Share on other sites More sharing options...
Fabian Näf Posted July 23, 2017 Author Share Posted July 23, 2017 Hi As I understand this setting, when I use HTTP, I should be redirected if I use a browser (Web Tier?) and I should get a 403-Error, if I use the API. Did I understand that wrong? Best regards, Fabian Link to comment Share on other sites More sharing options...
support Posted July 23, 2017 Share Posted July 23, 2017 Hi Fabian, Maybe I misunderstood your original post, as I saw the 403 error and thought you were using the API. The API should return a 403 with no redirection, but just accessing the web site should redirect from http to https - it should not return a 403 forbidden message. Again we'll do some testing to see if there is some inconsistency here, but like I mentioned, the redirection and 403 messages are sent from the web server itself, so each browser should behave the same. Regards Click Studios Link to comment Share on other sites More sharing options...
Fabian Näf Posted August 28, 2017 Author Share Posted August 28, 2017 Hi I just wannted to ask, if you got some news about this issue? Best regards, Fabian Edit: Propably I need to mention, that I have Windows Authentication enabled, if this matters... Link to comment Share on other sites More sharing options...
support Posted August 29, 2017 Share Posted August 29, 2017 Hi Fabian, Sorry for the delay in getting back to you on this. I've just tested in Chrome, Firefox, Internet Explorer and Edge, and each browser redirects from HTTP to HTTPS correctly. With a call to the API, I receive the error below which is what we would expect to see if you are not using HTTPS. So we cannot seem to reproduce the issue you are seeing. Can you try enabling 'Anonymous' authentication for your site temporarily, and see if this makes any difference for you - it shouldn't, as I tested with Windows Authentication only enabled? Do you use internal proxy servers at all? Regards Click Studios Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.