Google Security Warning

2»

Comments

  • AllenAllen Registered Users Posts: 10,008 Major grins
    edited January 20, 2018

    OK, I'm on my https: nickname site on a folder page. Every sub-folder and gallery link switches me to my http: domain link?
    ... and breadcrumb!

    Every image link on /popular page reverts to http: domain link. Edit: actually only the link shown in the page status is the domain link. Clicking thumb or to LB stays https: nickname.

    Al - Just a volunteer here having fun
    My Website index | My Blog
  • FergusonFerguson Registered Users Posts: 1,339 Major grins

    @Allen said:
    OK, I'm on my https: nickname site on a folder page. Every sub-folder and gallery link switches me to my http: domain link?
    ... and breadcrumb!

    Is it what was caused by what I described on Jan 10th in this thread (I just noticed these posts don't seem to have numbers or anything -- look for "But you must have done that manually" which now appears wrong.

    I've changed all my links to relative and things mostly seem to "stick" whether in nickname or custom domain.

    But I'm still finding places I hard coded http myself in html and fixing them. I had no idea how many places I used it instead of relative -- shame on me.

  • AllenAllen Registered Users Posts: 10,008 Major grins
    edited January 20, 2018

    ALL my inserted typed links are relative. But on https: nickname site all the Smug generated links go to http: domain.
    Starting in a very low child I edit link to https: nickname, refresh. But the whole breadcrumb up the line is domain.

    Al - Just a volunteer here having fun
    My Website index | My Blog
  • FergusonFerguson Registered Users Posts: 1,339 Major grins

    @Allen said:
    ALL my inserted typed links are relative. But on https: nickname site all the Smug generated links go to http: domain.
    Starting in a very low child I edit link to https: nickname, refresh. But the whole breadcrumb up the line is domain.

    I don't think your domain has migrated, I can't link to your website via Https at all.

    https://www.photosbyat.com/

    Right? I get an SSL error. I don't think it's baked yet.

  • leftquarkleftquark Registered Users, Retired Mod Posts: 3,784 Many Grins

    @Ferguson said:

    @leftquark said:
    1) If the visitor enters on http, we'll update all the links on your page to use https, so that their second page view moves to https. Once we're confident everything looks good there we will...

    But only links to Smugmug or the custom domain?

    If I understand your question: both. If someone types in "http://www.aaronmphotography.com", then we'll make it so the menu CB, the breadcrumbs, the folders/galleries, etc, all link to "https://www.aaronmphotography.com/Folder/Gallery/"

    @Ferguson said:
    Did you see the comments on menu links above that are absolute? Any chance as you are doing all this magic you will just roll absolute links (to smugmug to the same customer domain or nickname) into relative links?

    I believe we've talked about this before and the reasoning is and still remains the same: SmugMuggers have told us they want this behavior (all gallery and folder links go to the custom domain). In a number of situations we've heard "I WANT ALL MY LINKS TO BE ON MY CUSTOM DOMAIN!", so we've listened and are enforcing the decision to use the custom domain. There's nothing preventing us from keeping it relative, other than a little bit of Engineering/QA work, but it was a Product decision since so many of you complained about having links that aren't on the custom domain. If you have a custom domain, as many of the links as we can, will be to the custom domain (as already mentioned, images will still link to photos.smugmug.com). A common example is someone who starts out without a custom domain and shares some links, who then adds a custom domain. All the links they've shared, they now want using the custom domain, and they expect we'll provide links using the custom domain.

    If for some reason SmugMuggers tell us they no longer want it to work this way, we're here to thrill you, and would be happy to change it to relative links.

    @Ferguson said:
    In the long run none of us want the extra cost of redirects, so the real question is what should users do -- manually change everything to relative (where it applies) or are you going to do it for us as part of the updates?

    For the most part SmugMug will handle the redirects and updating the links (in the iterative phases of the project). The one exception will be any hard-coded custom URL's, like in a Logo Content Block. Those you might need to update but we haven't made any decisions on whether or not we'll fix those automatically (I'm nervous to touch custom URL's at all, since they are custom URL's you've entered)

    @Tom Foster said:
    If I enter https://gallery.edinburghphotography.com it works but if I put https://WWW.gallery.edinburghphotography.com it doesn't (leads to the security error). I presume it's because 'www.' is effectively a subdomain of a subdomain and the SSL certificate is only for first-level subdomains. Now this isn't necessarily a problem but when the redirect to https occurs can it be ensured that it is redirected to the site without the 'www'?

    You are entirely correct! You'll want to instruct your visitors to not use www if you're using smugmug with a subdomain.

    @Ferguson said:
    The first is that if you have HTML which has A records which are explicit with HTTP, they will not change, and you can flip back to HTTP from HTTPS. E.g. my logo at the top explicitly had an A tag for my site's homepage, and every time I clicked it, I was back in HTTP. Change to relative, everything works.

    Yep -- though I imagine once we're completely rolled out we'll just handle the http -> https redirect for you (though it will be a subtle redirect).

    @Allen said:
    OK, I'm on my https: nickname site on a folder page. Every sub-folder and gallery link switches me to my http: domain link?
    ... and breadcrumb!

    Every image link on /popular page reverts to http: domain link. Edit: actually only the link shown in the page status is the domain link. Clicking thumb or to LB stays https: nickname.

    As mentioned above, we're phasing the roll-out and ensuring everything works before starting to enforce https all over. That will get fixed as part of the soon-to-launch phases of the project.

    dGrin Afficionado
    Former SmugMug Product Team
    aaron AT aaronmphotography DOT com
    Website: http://www.aaronmphotography.com
    My SmugMug CSS Customizations website: http://www.aaronmphotography.com/Customizations
  • FergusonFerguson Registered Users Posts: 1,339 Major grins

    @leftquark said:

    @Ferguson said:
    Did you see the comments on menu links above that are absolute? Any chance as you are doing all this magic you will just roll absolute links (to smugmug to the same customer domain or nickname) into relative links?

    I believe we've talked about this before and the reasoning is and still remains the same: SmugMuggers have told us they want this behavior (all gallery and folder links go to the custom domain). In a number of situations we've heard "I WANT ALL MY LINKS TO BE ON MY CUSTOM DOMAIN!", so we've listened and are enforcing the decision to use the custom domain. There's nothing preventing us from keeping it relative, other than a little bit of Engineering/QA work, but it was a Product decision since so many of you complained about having links that aren't on the custom domain. If you have a custom domain, as many of the links as we can, will be to the custom domain (as already mentioned, images will still link to photos.smugmug.com). A common example is someone who starts out without a custom domain and shares some links, who then adds a custom domain. All the links they've shared, they now want using the custom domain, and they expect we'll provide links using the custom domain.

    Sorry, I do recall that now. Frankly I think it's a real corner case, the idea that you purposely go in via the nickname and then want it to shift, but OK.

    FWIW I think the use case of "something is wrong and I want to see if it's my custom domain or not" and being able to shift back to the nickname might be a stronger argument.

    But I'll try to remember this case in the future, besides I've changed my links to relative (hopefully all) so with luck I won't stumble on it any more.

  • denisegoldbergdenisegoldberg Administrators Posts: 14,220 moderator

    @leftquark said:
    I believe we've talked about this before and the reasoning is and still remains the same: SmugMuggers have told us they want this behavior (all gallery and folder links go to the custom domain). In a number of situations we've heard "I WANT ALL MY LINKS TO BE ON MY CUSTOM DOMAIN!", so we've listened and are enforcing the decision to use the custom domain. There's nothing preventing us from keeping it relative, other than a little bit of Engineering/QA work, but it was a Product decision since so many of you complained about having links that aren't on the custom domain.

    I've always wanted the domain used to access my site to stick. If the viewer enters my smugmug URL then I want it to stay on that URL. If the custom domain is entered I want it to stay there.

    I expressed this many years ago. Perhaps I'm in the minority, but is there a possibility of adding this as an option?

  • leftquarkleftquark Registered Users, Retired Mod Posts: 3,784 Many Grins

    As of today we've begun enabling full SSL (https) redirects from http to https across entire sites. Any non-https URL will get redirected to https. The roll-out should complete by Friday - let us know if you're not seeing automatic redirection after then.

    You can see my site, for example, http://www.aaronmphotography.com will automatically redirect to https://www.aaronmphotography.com

    dGrin Afficionado
    Former SmugMug Product Team
    aaron AT aaronmphotography DOT com
    Website: http://www.aaronmphotography.com
    My SmugMug CSS Customizations website: http://www.aaronmphotography.com/Customizations
Sign In or Register to comment.