@life359 said:
Seriously, this is not 1995. Why are we forced to http? Relative to bandwidth, https is practically no performance overhead now. Why are you not only not defaulting to https but actually forcing https back to http? You must be the only site left on the Internet that I know of that does this. I can think of no other site I visit that actually forces back to http.
they have it enabled on their auth.gamespot sub domain for registering and logging in. it's just not been implemented across the gamespot domain, it's not an explicit redirect back to http. if you open up your dev console you can see a ton of hard coded http resources which shows this to be the case.
i don't know why exactly they haven't enabled it site wide but two questions / observations -
1. why is it so important to you? i.e. what sensitive data are you worried about submitting that needs encrypting?
2. you may not realise the difficulty in implementing it across a site as large as gamespot, which requires every single link to external files, either their own files or from third party sites they use (and that will be a ton), updated to be protocol agnostic i.e. remove the protocol. if there's a single third party site that doesn't support https or one rogue link that's hardcoded with http their certificate is invalidated. there's other complications beyond that too
Log in to comment