Need whitelist entry for www.fark.com and total.fark.com
Short version: HTTPS Anywhere now breaks many form submissions on www.fark.com and total.fark.com, and we need a whitelist rule.
Longer version: our desktop site's ads cannot load over HTTPS, so we have to unfortunately run that site HTTP to avoid mixed-content warnings. Google's ad team, and third party ad networks, apparently don't have the same urgency as Google's Chrome team when it comes to encouraging HTTPS use...
We do now have a way to pay a small monthly amount to turn ads off yet still support the site (BareFark), and anyone that buys that gets an SSL version of the site as a perk, and is forcibly redirected to it if they hit it via plaintext. To make ads work though, we have to push everyone else back to the plaintext version.
Unfortunately, this combined with HTTPS Anywhere breaks our Post-Redirect-Get form submission logic. The POST always goes to HTTPS, caches the form variables, then redirects to a GET which then retrieves those variables (and clears the cached version to avoid double-submits). HTTPS Anywhere then tries to redirect that GET back to an HTTPS version, which causes the form variables to be lost and the overall POST to fail. Sad trombone.
Fortunately our mobile ad networks don't have the limitation of being HTTP-only, so, we do NOT need a whitelist rule for m.fark.com, m.total.fark.com, or our images host img.fark.net. We already forcibly redirect all mobile hits over to HTTPS, though we aren't quite yet using HSTS to do it. (See, we're at least trying...)
Trac:
Username: bit0mike