Why can I not receive subscription-changed updates over HTTPS?

  • Problem
  • Updated 3 years ago
  • Acknowledged
I would like to receive the subscription updates on a secure URL (HTTPS) but the URL needs to start with "HTTP://"
Photo of Maarten Wolzak

Maarten Wolzak

  • 2 Posts
  • 0 Likes
  • sad

Posted 3 years ago

  • 3
Photo of Duff OMelia

Duff OMelia, Official Rep

  • 282 Posts
  • 16 Likes
Hi Maarten, we don't yet support it. Fortunately, we're not sending any sensitive information.
Photo of Maarten Wolzak

Maarten Wolzak

  • 2 Posts
  • 0 Likes
Yeah, I understand you don't support it. I got the message :-)

I would like it there not just because of the data you're sending but also because I want to expose as little as possible to non-secure connections.
Photo of Duff OMelia

Duff OMelia, Official Rep

  • 282 Posts
  • 16 Likes
I gotcha. And as a developer, I know that it can be annoying, especially for sites that have everything locked down with https. Having a separate url that is different from the other urls on your site is sub-optimal.

It's something on our list that we know we'd like to support. There are many other things we'd like to do first though.
Photo of Joel Bradshaw

Joel Bradshaw

  • 1 Post
  • 0 Likes
I just want to reiterate that this is a very inconvenient limitation. I don't allow any HTTP access to my site - everything is just 301 redirected to HTTPS. The fact that your update servers can't follow a 301 redirect or even talk HTTPS is frustrating.

It's even more frustrating because in order to work around this, I have to add a special exception in my Apache configuration! This is far over and above what should be required to listen for a simple callback.