It seems that you're using an outdated browser. Some things may not work as they should (or don't work at all).
We suggest you upgrade newer and better browser like: Chrome, Firefox, Internet Explorer or Opera

×
Community
General discussionDear GOG, please fix your https pages linking(21 posts)(21 posts)
(21 posts)
Pages:
1
2
This is my favourite topic
Posted August 27, 2014
high rated
Right now https browsing on GOG got a bit better (no more secure.gog.com but same address usually has an https option). However linking is still all messed up. Secure pages link to insecure ones quite a lot.

Can you fix this please?
____________________________
* Wishlist entry for those who also want this feature
Post edited August 27, 2014 by shmerl
Posted May 01, 2015
Mozilla plans to phase out insecure HTTP: https://blog.mozilla.org/security/2015/04/30/deprecating-non-secure-http/

It's time to shape up GOG for complete HTTPS experience :)
Posted May 01, 2015
avatar
shmerl: However linking is still all messed up. Secure pages link to insecure ones quite a lot.
Hmm, are you not seeing this? Perhaps I'm just lucky?
Post edited May 01, 2015 by Gydion
Posted May 01, 2015
avatar
shmerl: However linking is still all messed up. Secure pages link to insecure ones quite a lot.
avatar
Gydion: Hmm, are you not seeing this? Perhaps I'm just lucky?
It does redirect me, but without 301. But HTTPS here is still severely broken. At least now, many GOG pages don't break anymore if HTTPSeverywhere is enabled. It just doesn't open secure pages anyway.

This is the rule I use:

<ruleset name="GOG">
<target host="www.gog.com"/>
<target host="gog.com"/>

<rule from="^[url=http://(www\.)?gog\.com]http://(www\.)?gog\.com[/url]/" to="[url=https://www.gog.com/"/>]https://www.gog.com/"/>[/url]
</ruleset>
Post edited May 02, 2015 by shmerl
Posted May 02, 2015
I agree, a full working https implementation would be nice ;)
Posted May 02, 2015
Search however is completely broken with HTTPSeverywhere. I always have to disable it first for games catalog search on GOG.
Post edited May 02, 2015 by shmerl
Posted May 02, 2015
avatar
shmerl: It does redirect me, but without 301. But HTTPS here is still severely broken, to the point that if I use HTTPSeverywhere add-on on GOG, many game pages don't open 80% of the time.
That's how it used to be for me until just recently. Now with the 301 redirects HTTPSeverywhere gives up and loads non-secure version of the game pages or main site. In other words it has disabled HTTPS access on GOG for me except on the legacy pages (forums & account). Could be whatever server I'm hitting is configured differently from most of the others? Are you seeing one of the Verizon based SSL certs now?

I use the same rule.
Post edited May 02, 2015 by Gydion
Posted May 02, 2015
avatar
shmerl: It does redirect me, but without 301. But HTTPS here is still severely broken, to the point that if I use HTTPSeverywhere add-on on GOG, many game pages don't open 80% of the time.
avatar
Gydion: That's how it used to be for me until just recently.
I just realized, that that loop problem is fixed now (not in a good way, since it stays on insecure page but it least it doesn't loop forever anymore). I updated my post. But search is still broken.

It's still a mess. GOG should just enable HTTPS across the whole site properly.
Post edited May 02, 2015 by shmerl
Posted May 02, 2015
A layman's question:
What is the benefit of having https for pages that contain only public information (e.g. game catalogue)?
Posted May 02, 2015
avatar
mrkgnao: What is the benefit of having https for pages that contain only public information (e.g. game catalogue)?
Session cookie.

Also, only HTTPS and GOG doesn't need to work out how to redirect from one to the other.
Posted May 02, 2015
avatar
mrkgnao: A layman's question:
What is the benefit of having https for pages that contain only public information (e.g. game catalogue)?
Your activity should be private to you. Since all traffic should be viewed as intercepted (as now well known), it basically means that using open traffic is like carrying a tracking device with you (which also records what you do) that some Big Brother can always access. What are the implications of that is not really as important as the question of whether you even find that acceptable. I don't think anyone should. So having all traffic encrypted by default is the only way to improve this at least in some way.


See also https://en.wikipedia.org/wiki/Room_641A
Post edited May 02, 2015 by shmerl
Posted May 02, 2015
In even more layman terms, there was a great video from John Oliver about this:
https://www.youtube.com/watch?v=XEVlyP4_11M
Posted May 02, 2015
Good idea.
Right now, if you force https in firefox, you might get errors that you are being redirected indefinitely when browsing gog.
Post edited May 02, 2015 by ThermioN
Posted May 02, 2015
avatar
ThermioN: Right now, if you force https in firefox, you might get errors that you are being redirected indefinitely when browsing gog.
That used to happen until recently, but now it looks better. Still, it's not HTTPS.
Posted May 02, 2015
I would also very much appreciate if I could easily use GOG through HTTPS.
Pages:
1
2
This is my favourite topic
Community
General discussionDear GOG, please fix your https pages linking(21 posts)(21 posts)
(21 posts)