Hi there, PythonAnywhere dev here -- you're right, it's a browser cache thing, resulting from a bug on our side.
We have a "Strict-Transport-Security" setting on the main PythonAnywhere site that means that if you ever visit it via https then in future your browser will always use https to access it. This fixes a number of potential security holes, and we think it's a good thing. But we only intended it to apply to www.pythonanywhere.com. Unfortunately for a brief period this setting "leaked" into some of our customers' sites as the result of a bug on our side. So if you visited one of them via https (eg. to use the admin UI) while that bug was active then your browser will have stored the "always use https" setting for that site. (Perhaps confusingly, this will also apply if you visit it in an incognito session -- incognito sessions inherit this setting from non-incognito sessions, though obviously the reverse isn't true.) The best fix is to clear your browser history. Sorry about that! All the best, Giles On Monday, November 10, 2014 3:47:11 PM UTC, Niphlod wrote: > > it's probably some misconfiguration / cached values / etc on your browser. > Try resetting preferences/cache/etc (or open an "incognito" session) to > test it properly. > > On Monday, November 10, 2014 3:31:58 PM UTC+1, clara wrote: >> >> Hello Niphlod, >> >> Thanks for your quick answer. From my PC if I try either link I always >> get the secure site back (https). If I try it on my cellphone though I get >> http when requesting http and https when requesting https. >> >> If I remember correctly, when I do the same from my notebook at home, I >> always end up getting the secure site back. >> >> Could this be related to the browser settings? >> >> Thanks again, >> >> Clara >> >> >> PS: I am relieved to know that both http and https are served in >> Pythonanywere >> >> >> >> El lunes, 10 de noviembre de 2014 11:03:51 UTC-3, Niphlod escribió: >>> >>> the first link, albeit "printed" as http, is carrying a link to https: >>> >>> please.... >>> >>> try this >>> http://ulamdev.pythonanywhere.com/unlam >>> and >>> https://ulamdev.pythonanywhere.com/unlam >>> >>> Sites are served "independently" because pythonanywhere serves both by >>> default, and both are available without redirects. >>> >>> -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
