[#16585] - Metadate Secure does not seem to work on hompage
- Closed
- 19 Aug 2017
- Medium
- Build: 3.7.2
- # 16585
Steps to reproduce the issue
Using 3.7.2 site with Cloudflare. If I set a menu item to have the Metadata Secure option to OFF then when I access the page it is accessed as http://
Other pages where Secure is On they are accessed via https://
HOWEVER if I set the menu item where Secure is OFF to be the homepage. Then when I access this page it uses https://
Expected result
I would expect it to be accessed via http:// regardless of it being the home page or not.
Actual result
Accessed as https://
System information (as much as possible)
PHP 7.0.17
Additional comments
Have tried turning SEO off but makes no difference.
Let me know if further details required
| Category | ⇒ | com_content |
The setting of the menu item only determins what happens if you click on the menu item, but the URL is still accessible for both http and https as long as you do not set the "force https" (or so, don't remember the precise name now) option in global config.
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/16585.
I have force https set to administrator
On the page with Secure=OFF, yes the URL is accessible by both http and https but the menu directs you to http.
I may want to do this because some content we wish to display (UK weather forecast) is not available via https
As our sites don't handle much if any sensitive data that does not seem to be much of a security issue.
If I make the page the default home page then even though the menu points at http it is loaded as https.
Is Joomla causing this?
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/16585.
@ramblerswebs I have same setup as you, with "force https" set to "administrator only" and all menu items (including the home pages for my 3 languages) having Secure=OFF, except the "Contact" menu item, which has Secure=ON. And on my website everthing works. You can check at http://www.richard-fath.de.
So I can say no, Joomla does not do this.
Maybe you have a rewrite from http to https in your .htaccess which only affects the base URL?
If you are not sure, post the content of your .htaccess here, with secret stuff like e.g. paths to Joomla on shared hosts being obfuscated, i.e. repalce secret stuff by some bla bla.
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/16585.
| Status | New | ⇒ | Information Required |
| Closed_Date | 2017-08-19 13:00:20 | ⇒ | 2017-08-19 13:00:21 |
| Closed_By | franz-wohlkoenig | ⇒ | joomla-cms-bot |
| Status | Information Required | ⇒ | Closed |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2017-08-19 13:00:20 |
| Closed_By | ⇒ | franz-wohlkoenig |
Set to "closed" on behalf of @franz-wohlkoenig by The JTracker Application at issues.joomla.org/joomla-cms/16585
closed due the lack of Response.
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/16585.
first it will depend on how your server is handling https
second you really should never be disabling https - thats a crazy thing to do