Twipe’s Policy on Migrating WebApps to HTTPS
As you may know, since end of July (24/07/2018), Chrome has started rolling out an updated version (Chrome 68). With this launch of Chrome 68, Google will now label any site still using HTTP as “Not Secure” in the URL bar.
In the coming months, Google plans to strengthen this warning from a “Not Secure” simple grey text to a glaring red warning in October (with the rollout of Chrome 70).
HTTPS stands for “Hyper Text Transfer Protocol Secure”, meaning HTTPS is the secure version of HTTP (the protocol over which data is sent between the browser and the website). This has privacy and security implications: HTTPS encrypts all the communications between the browser and the website, ensuring information is not intercepted by other people and helping to prevent intruders from tampering with the communications.
Twipe’s policy: all WebApps to HTTPS
As a first step, Twipe has already ensured that HTTPS certificate have been set up for the WebApps of all clients. For a few special cases, we have personally contacted clients in order to request and implement the necessary certificate. When the certificate is set up, it means the WebApp is available in both HTTP and HTTPS.
As a next step, Twipe will force all visits to the client’s WebApps to use HTTPS. This means for the readers that if they type http://example.com or if they have bookmarked the HTTP version, they would be automatically redirected to https://example.com. With this redirect, security is strengthened and readers won’t face a “Not Secure” warning.
Twipe’s HTTPS policy is to include HTTPS forced redirects in all upcoming WebApp updates. This means that each time a WebApp is updated, we will take the opportunity to implement automatic redirects for HTTPS. Please note that you will need to make sure all the external links you want to display (ex. abobanners, etc.) are set up in HTTPS as well. In case you want to speed up the process or would like more details please contact your Project Manager.