On Tuesday, November 11, 2014 2:37:42 PM UTC, clara wrote: > > Thanks for this reply! So there was somthing on Pythonanywhere's side that > forced https rather than http.... >
Exactly. It only did it if you had visited your site using HTTPS once from that browser, which is why you saw the problem from your PC but not from your phone. > I cleared my cache and things are working properly now. > Great! > Thanks a lot!! > No problem, and sorry for the bug! It was a particularly nasty bit of nginx configuration on our loadbalancer, which we thought did one thing and actually did something subtly different. All the best, Giles > > Clara > > El martes, 11 de noviembre de 2014 08:29:08 UTC-3, Giles Thomas escribió: >> >> Hi there, >> >> PythonAnywhere dev here -- you're right, it's a browser cache thing, >> resulting from a bug on our side. >> >> We have a "Strict-Transport-Security" setting on the main PythonAnywhere >> site that means that if you ever visit it via https then in future your >> browser will always use https to access it. This fixes a number of >> potential security holes, and we think it's a good thing. But we only >> intended it to apply to www.pythonanywhere.com. >> >> Unfortunately for a brief period this setting "leaked" into some of our >> customers' sites as the result of a bug on our side. So if you visited one >> of them via https (eg. to use the admin UI) while that bug was active then >> your browser will have stored the "always use https" setting for that site. >> (Perhaps confusingly, this will also apply if you visit it in an incognito >> session -- incognito sessions inherit this setting from non-incognito >> sessions, though obviously the reverse isn't true.) >> >> The best fix is to clear your browser history. Sorry about that! >> >> >> All the best, >> >> Giles >> >> >> >> >> >> >> >> >> On Monday, November 10, 2014 3:47:11 PM UTC, Niphlod wrote: >>> >>> it's probably some misconfiguration / cached values / etc on your >>> browser. Try resetting preferences/cache/etc (or open an "incognito" >>> session) to test it properly. >>> >>> On Monday, November 10, 2014 3:31:58 PM UTC+1, clara wrote: >>>> >>>> Hello Niphlod, >>>> >>>> Thanks for your quick answer. From my PC if I try either link I always >>>> get the secure site back (https). If I try it on my cellphone though I >>>> get >>>> http when requesting http and https when requesting https. >>>> >>>> If I remember correctly, when I do the same from my notebook at home, I >>>> always end up getting the secure site back. >>>> >>>> Could this be related to the browser settings? >>>> >>>> Thanks again, >>>> >>>> Clara >>>> >>>> >>>> PS: I am relieved to know that both http and https are served in >>>> Pythonanywere >>>> >>>> >>>> >>>> El lunes, 10 de noviembre de 2014 11:03:51 UTC-3, Niphlod escribió: >>>>> >>>>> the first link, albeit "printed" as http, is carrying a link to https: >>>>> >>>>> please.... >>>>> >>>>> try this >>>>> http://ulamdev.pythonanywhere.com/unlam >>>>> and >>>>> https://ulamdev.pythonanywhere.com/unlam >>>>> >>>>> Sites are served "independently" because pythonanywhere serves both by >>>>> default, and both are available without redirects. >>>>> >>>>> -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
