Board Thread:New Features/@comment-270184-20151105191759

It seems Wikia has a TLS certificate for *.wikia.com. Great!

However, it seems to redirect HTTPS requests to HTTP. For example, if you visit https://www.wikia.com/Wikia, you end up on http://www.wikia.com/Wikia instead. Why?! This is the exact opposite of what should happen.

I’m currently posting this over hotel WiFi, over HTTP (since you don’t give me a choice) and am thus risking my session cookies.

Please consider moving Wikia to HTTPS. This can happen in two steps:

1. Stop redirecting HTTPS to HTTP. This gives people the option to browser Wikia over HTTPS instead of HTTP while still allowing HTTP. 2. At a later stage, when you’re ready, start redirecting HTTP requests to HTTPS (and implement HSTS, etc.).

Right now I would be happy with step 1.  