#1
|
|||
|
|||
App-wide automatic https support
As you know all the major browser makers have over the last few years become increasingly aggressive about the use of https links for security and have started flagging plain http URLs (especially login pages or those with forms) as unsafe.
Additionally it has come to my notice that certain http URLs have been blocked by my ISP whereas the https URLs for the same file hosts are unblocked. Whether this is deliberate or an oversight, I do not know. Thus my suggestion is that JD should internally switch to prioritizing https everywhere, and try the http version for any link only as an automatic fallback measure. So for example if I add a bunch of http links to the LinkGrabber, it would be great if JD automatically tried their https versions before declaring failure. Same goes for all decrypter plugins, login plugins and what not. Even code for operations such as loading favicons for file hosts should try https first. Keeping in mind the transition to https everywhere this is obviously the sensible thing to do. **External links are only visible to Support Staff****External links are only visible to Support Staff** **External links are only visible to Support Staff****External links are only visible to Support Staff** **External links are only visible to Support Staff****External links are only visible to Support Staff** |
#2
|
||||
|
||||
Plugins either provide options to switch between https or http and newer plugins often use https as default but older plugins may still use http and then auto switch to https (depending on server settings). There is no generic *all to https* solutions as for example many sites have websites with https but downloads still with http or depending on user settings and changing those may result in redirect loops (user settings wants https but server wants http...or other way).
It also highly depends on links. Those with plugins must be updated to support this. Those with generic plugins (for example normal http) auto upgrade must be wisely done to avoid DDOS or high server load.
__________________
JD-Dev & Server-Admin |
#3
|
||||
|
||||
__________________
JD-Dev & Server-Admin |
Thread Tools | |
Display Modes | |
|
|