<div dir="auto"><br><div class="gmail_extra" dir="auto"><br><div class="gmail_quote">On 23 Aug. 2017 6:57 am, "Tomasz Neugebauer" <<a href="mailto:Tomasz.Neugebauer@concordia.ca">Tomasz.Neugebauer@concordia.ca</a>> wrote:<br type="attribution"><blockquote class="quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div lang="EN-CA" link="#0563C1" vlink="#954F72">
<div class="m_4374435036421734524WordSection1">
<p class="MsoNormal">Google is sending out alerts that it will soon begin to show security warnings in Chrome for any web site that is not SSL (HTTPS).<u></u><u></u></p>
<p class="MsoNormal">Our EPrints repository (running 3.3.12) switches over to HTTPS when the user authenticates, but the browse pages are available through HTTP as well.<u></u><u></u></p>
<p class="MsoNormal">What is the best way to get EPrints to redirect everything to HTTPS?<u></u><u></u></p>
<p class="MsoNormal">I think I remember this question coming up on the list before, but I can’t seem to find any references.</p>
<p class="MsoNormal">Thanks!</p>
<p class="MsoNormal">Tomasz</p></div></div></blockquote></div></div><div dir="auto"><br></div><div dir="auto">All I remember is that I had to change how eprints generates the Apache config so it added a <Location> chunk for the non-secure root (i.e. "/") inside the :443 VirtualHost, which defined the eprints archive environment variable.</div><div dir="auto"><br></div><div dir="auto">Our repo allows both http and https access, though; if you're going https-everywhere you'll probably have different concerns.</div><div dir="auto"><br></div><div dir="auto">Oh, and see also: <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security">https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security</a></div><div dir="auto"><br></div><div dir="auto">Cheers</div><div dir="auto">-- </div><div dir="auto">Matthew Kerwin</div><div class="gmail_extra" dir="auto"></div></div>