When I click links in lemmy comments that explicitly include http in the url, the resulting page is always https. To me, the preferred behavior would be to default to https if no protocol is specified, but to respect the user’s preference if given.
Most of the time, there is no downside to changing to https, but some sites will result in an error if they don’t properly support https (I’ve encountered this when incorrectly typing a url before, but as it was not recent I don’t recall the details), and in rare cases the same domain name may serve different content on http vs https, making the ability to specify when linking desirable.
For example, http://xkcdsw.com is an archive of fan-edited comics, while https://xkcdsw.com is some kind of crypto site. While obviously that’s dodgy on the site end, it’s also strange to be completely unable to link the former without telling people to manually remove the s.
Is this redirecting happening on the app level, or the instance level, or something else? It’s not unique to me, as I was first alerted to it by replies that were confused at my links not going where I said they went.
It looks like Jerboa is forcing HTTPS. It’s using the Markwon library for parsing markdown, and a custom
ForceHttpsPlugin
is installed: https://github.com/LemmyNet/jerboa/blob/19be714fe08eaff6d2f616aa3da1b82df81a1d84/app/src/main/java/com/jerboa/ui/components/common/MarkdownHelper.kt#L93.Aha, thanks! I guess that concludes this thread, as I don’t really expect to get a dev chiming in explaining why.
It’s not my preferred way of handling it but I don’t have the energy to make a fuss. I guess if I click a link that needs to be http, I’ll copy it to a browser, and if I post one I’ll remind others to do the same. Probably won’t come up often enough to care about.
At least you’ve satisfied my curiosity as to what was going on 😀
Edit: I was repeatedly told while trying to post this comment that the request timeout had expired. When the error stopped appearing, I had posted 4 copies of this message. I have deleted them but I apologize if they still spam your inbox as [deleted] or something.
Jerboa forces HTTPS for images (Markwon plugin) because android doesn’t allow to load http due to cleartext. I can disable this for older Android version but not in newer Android. There is a good reason for this as its much less secure. So instead I chose to rewrite http to https for links in markwon
https://developer.android.com/privacy-and-security/risks/cleartext
Actually Jerboa rewrites all http links to https. Originally it was because of cleartext, it wouldn’t load http images. But then I decided all links should be rewritten to http for security. If it might be too troubling I could change this but imo all sites should support https