Piwigo.org

You are not logged in. (Register / Login)

Announcement

#16 2014-10-13 19:54:09

smu
Guest

Re: Force HTTPS plugin

Has anyone tested this plugin with 2.7.1?

 

#17 2014-10-13 20:17:16

photo_friend
Member
Location: Berlin
Registered: 1970-01-01
Posts: 194

Re: Force HTTPS plugin

smu wrote:

Has anyone tested this plugin with 2.7.1?

Good question - I also use this plugin!

Offline

 

#18 2014-10-23 08:15:22

photo_friend
Member
Location: Berlin
Registered: 1970-01-01
Posts: 194

Re: Force HTTPS plugin

When will be the plugin ready for piwigo 2.7.1?

Thanks a lot!!!

Offline

 

#19 2014-11-06 12:20:52

2otherjobs
Member
Registered: 2014-07-14
Posts: 19

Re: Force HTTPS plugin

This is another request for updating this plugin to work with  2.7.1.  I used it with 2.6.3 and could make the iPhone app work over https.  Cannot with 2.7.1.

Thanks you if you can find the time...

Offline

 

#20 2014-12-05 09:40:01

r.orrison
Member
Registered: 2014-12-05
Posts: 12

Re: Force HTTPS plugin

Hi - I've just installed this in 2.7.2 and it seems to be working. Other than the problem with the iPhone app, are there any known issues I should watch out for?
Thanks!

Offline

 

#21 2015-04-17 10:38:45

fr
Member
Registered: 2012-07-27
Posts: 9

Re: Force HTTPS plugin

Hello,

yesterday I updated to Piwigo 2.7.4. After the update all I had to reactivate all the plugins I used before. Almost everything is working again, but unfortunately I couldn't reactivate "Force HTTPS" plugin.
According to "/www/piwigo/plugins/piwigo-force-https/main.inc.php" most recent version 1.4.0 of Force HTTPS is installed.
When reactivating, I get this error:

Fatal error: Class 'piwigo-force-https_maintain' not found in /hp/bq/ac/io/www/piwigo/admin/include/plugins.class.php on line 96


Something must be wrong in this section of "plugins.class.php"

     // 2.7 pattern (OO only)
         if (file_exists($file_to_include.'.class.php'))
         {
           include_once($file_to_include.'.class.php');
           return new $classname($plugin_id);
         }


According to Notepad++ line numbering, this is line 96 from above section:
             return new $classname($plugin_id);

What has to be changed/added in this line?

BTW: I receive same error message when trying to delete "Force HTTPS" from inactive plugins list.

Thanks in advance
FR

Offline

 

#22 2015-04-17 10:55:17

mistic100
Former Piwigo Team
Location: Lyon (FR)
Registered: 2008-09-27
Posts: 3267
Website

Re: Force HTTPS plugin

Nothing is wrong with this line

it's just that you installed the plugin in the wrong folder, it must be named "Force_HTTPS" and not "piwigo-force-https"

Offline

 

#23 2015-04-17 15:39:00

fr
Member
Registered: 2012-07-27
Posts: 9

Re: Force HTTPS plugin

Hi mistic100,

thanks for your fast reply.

You are right, I renamed folder "piwigo-force-https" to "Force_HTTPS". Then I was asked to uninstall plugin "piwigo-force-https", which I did and finaly reactivated "Force_HTTPS" :-)

Honestly, I can't remember having changed or renamed installation folder in the past (I just had to do the "deltree" renaming). But anyway it is working again :-))

thanks and kind regards from Germany
FR

Offline

 

#24 2016-11-07 16:30:39

gnurob
Member
Registered: 2016-10-29
Posts: 13

Re: Force HTTPS plugin

Hi, there's a bit of a discussion going on about 301 and 302 redirects here: http://piwigo.org/forum/viewtopic.php?pid=165137

Short version: it would be really good if this plug-in changed the redirect code from 302 to 301.

The reason is that a 302 redirect is a temporary redirect. It passes  no ranking power from backlinks and is really a broken implementation when used for a permanent redirect. Between HTTP 1.0 and 1.1 the 302 status code "Moved Temporarily" was changed to mean "Found."

P.S. Even better if you can find a fix for rel=canonical links. Right now the canonical link does not include the protocol so a search engine visiting the HTTP and HTTPS versions will get a signal that both are canonical.

Offline

 

#25 2016-11-10 11:38:24

plg
Piwigo Team
Location: Nantes, France, Europe
Registered: 2002-04-05
Posts: 13080
Website

Re: Force HTTPS plugin

Hi gnurob,

There is also this [Forum, topic 26826] [Force HTTPS] questions about code and "login only" feature about this plugin. Unfortunately no answer to it. I'm going to see if bonhommedeneige if OK to transfer the code to Piwigo team, so that we can maintain/improve it :-)


Latest blog post (March 23th 2017) Piwigo.com Enterprise plans, now official!

Offline

 

#26 2016-11-10 21:57:26

gnurob
Member
Registered: 2016-10-29
Posts: 13

Re: Force HTTPS plugin

Hi pig,

That's a great point you make. I'd say the code will continue in good hands if you both agree on the switch. Good luck with it!

Offline

 

#27 2017-03-12 17:59:02

mycomputers
Member
Registered: 2013-01-23
Posts: 4

Re: Force HTTPS plugin

Can anyone help me with this plugin; any way I can deactivate it and restore my site?

I activated it thinking it would just inforce https; but it now won't let me login to the site to do anything

I can't even get to the admin site to deactivate it

Offline

 

#28 2017-08-02 10:22:58

martinw
Member
Registered: 2017-07-23
Posts: 2

Re: Force HTTPS plugin

The value of 500 is set too low for Strict-Transport-Security. It should be at least 6 months. See here for example: https://wiki.mozilla.org/Security/Guide … t_Security

Offline

 

#29 2017-11-09 22:28:05

bonhommedeneige
Member
Location: France
Registered: 2013-05-03
Posts: 20

Re: Force HTTPS plugin

gnurob wrote:

Short version: it would be really good if this plug-in changed the redirect code from 302 to 301.

The reason is that a 302 redirect is a temporary redirect. It passes  no ranking power from backlinks and is really a broken implementation when used for a permanent redirect. Between HTTP 1.0 and 1.1 the 302 status code "Moved Temporarily" was changed to mean "Found."

Hi gnurob,
A new version has been released (currently 2.0.1) which now redirects by default using the 301 code (an option is available to switch from 301 to 302 for those who still would like to use temporary redirection.
Arnaud (bonhommedeneige)

Offline

 

#30 2017-11-09 22:29:11

bonhommedeneige
Member
Location: France
Registered: 2013-05-03
Posts: 20

Re: Force HTTPS plugin

martinw wrote:

The value of 500 is set too low for Strict-Transport-Security. It should be at least 6 months. See here for example: https://wiki.mozilla.org/Security/Guide … t_Security

Fixed (and customizable) in the latest version. Thanks for the notice !
Arnaud (bonhommedeneige)

Offline

 

Board footer

Powered by FluxBB

github twitter facebook google+ newsletter Donate Piwigo.org © 2002-2017 · Contact