[hibernate-dev] Re: Automatically Upgrade to HTTPS
it broke legacy applications whose XML parser will automatically
fetch
the DTD from hibernate.org on startup,
Gasp, I see. They shouldn't really be fetching that file in the first
place, but I see how you don't want to break those consumers.
You might do it perhaps by announcing a transition date in a few months
(e.g. 2020/03/31), giving people time to upgrade. I cannot quantify the SEO
impact of this, but I suppose it's only getting worse. Tough choice :(
--Gunnar
Am Mo., 23. Nov. 2020 um 17:34 Uhr schrieb Yoann Rodiere <
yoann(a)hibernate.org>:
Hey,
Ah, this again.
We've already looked into it. Last time we did, we got bug reports because
it broke legacy applications whose XML parser will automatically fetch the
DTD from hibernate.org on startup, and does not handle redirection or
HTTPS (I don't know which exactly).
We cannot do this redirection on a per-page basis (to exclude /dtd/)
because we're using GitHub pages and the redirection setting is global.
So right now, we could only do this by moving away from GitHub pages. And
then we'd probably need some cache in front of our server.
Long story short, nobody had time to look into this so far.
Yoann Rodière
Hibernate Team
yoann(a)hibernate.org
On Mon, 23 Nov 2020 at 17:23, Gunnar Morling <gunnar(a)hibernate.org> wrote:
> Hey all,
>
> I just noticed that visiting http://hibernate.org/ (i.e. not http*s*)
> will
> not automatically upgrade you to HTTPS, but leave you with that ugly
> unsecure icon in the browser address bar. It's also what you get when
> simply typing hibernate.org (i.e. 99% of users).
>
> As search engines tend to penalize non-HTTPS these days, I'd suggest to
> look into automatically upgrading if possible.
>
> Best,
>
> --Gunnar
> _______________________________________________
> hibernate-dev mailing list -- hibernate-dev(a)lists.jboss.org
> To unsubscribe send an email to hibernate-dev-leave(a)lists.jboss.org
> %(web_page_url)slistinfo%(cgiext)s/%(_internal_name)s