To what extent does KoL support HTTPS?

zwol · Thu, Dec 6th, 2012, 10:04 PM

I'm wondering to what extent KoL officially supports being used via HTTPS. It's kind of a mixed bag what works with an https:// URL and what doesn't -- the login page is fine, you can pull arbitrary images off the image server as well, game.php redirects you to HTTP if accessed over HTTPS, and I haven't dug into it any deeper than that. I'm looking for an official "we support HTTPS for this and that but not these other things" statement.

Context: I've been using a Firefox extension, HTTPS Everywhere, that tries to make it so as much of your web browsing is encrypted as possible. Specifically, if you visit a site that supports both unencrypted and encrypted access, it'll rewrite all the URLs so that you use the encrypted version, regardless of whether the hyperlinks involved were written that way. It does this with a giant pile of regular expressions, and it can be taught to load only part of a site over HTTPS if that's what the site admins want.

I was on a KoL hiatus when I first started using this extension, but came back last week, only to get stuck in an infinite loop on the HTTPS version of game.php, because the extension is trying to enforce use of HTTPS for every URL that begins *.kingdomofloathing.com. I can just turn off that subset of the pile of regular expressions, but I'd like to fix them properly, and to do that I need to know which pages are officially supported for HTTPS access.

*Moved from Help.*

Thu, Dec 6th, 2012, 10:04 PM	#1
zwol Apathetic Lizardman Join Date: 14th Aug, 2004 Posts: 7	To what extent does KoL support HTTPS? I'm wondering to what extent KoL officially supports being used via HTTPS. It's kind of a mixed bag what works with an https:// URL and what doesn't -- the login page is fine, you can pull arbitrary images off the image server as well, game.php redirects you to HTTP if accessed over HTTPS, and I haven't dug into it any deeper than that. I'm looking for an official "we support HTTPS for this and that but not these other things" statement. Context: I've been using a Firefox extension, HTTPS Everywhere, that tries to make it so as much of your web browsing is encrypted as possible. Specifically, if you visit a site that supports both unencrypted and encrypted access, it'll rewrite all the URLs so that you use the encrypted version, regardless of whether the hyperlinks involved were written that way. It does this with a giant pile of regular expressions, and it can be taught to load only part of a site over HTTPS if that's what the site admins want. I was on a KoL hiatus when I first started using this extension, but came back last week, only to get stuck in an infinite loop on the HTTPS version of game.php, because the extension is trying to enforce use of HTTPS for every URL that begins .kingdomofloathing.com. I can just turn off that subset of the pile of regular expressions, but I'd like to fix them properly, and to do that I need to know which pages are officially supported for HTTPS access. Moved from Help.*