Allow user to go https or http for ONE Route

Example here

http://disqus.com/embed/comments/?base=default&version=c90880705f245f49fcfdc2d4a083b6b3&f=shiy&t_i=PAGE_IDENTIFIER&t_u=http%3A%2F%2Flocalhost%3A8000&t_d=EasyXDM&t_t=EasyXDM&s_o=default

https://disqus.com/embed/comments/?base=default&version=c90880705f245f49fcfdc2d4a083b6b3&f=shiy&t_i=PAGE_IDENTIFIER&t_u=http%3A%2F%2Flocalhost%3A8000&t_d=EasyXDM&t_t=EasyXDM&s_o=default

At the moment I have my app on AWS EC2 with mupx and Free SSL from Lets Encrypt… I do not know how to not forward the user to HTTPS if the user request HTTP.

Any help guys ?

You’re asking how to not forward them. That defeats the purpose of SSL.

If you have SSL, you forward them.

I wanna only disable https for ONE route… is it possible ??
Like biggest companies do it… Disqus I think Facebook like button does this too…

If I have to remove SSL altogether I will… I’m at that stage right now :frowning:

if you see this link http://www.watchseries.li/season-1/limitless see the like button src for example. it is loading http:// not https:// because you cannot load https:// on a http:// window…

This is the same issue I have… I cannot embed my app on Clients websites when I’m running https:// and when they have HTTP

There is a kind of snippet here, http://serverfault.com/questions/270339/nginx-force-ssl-on-one-path-non-ssl-on-others

I just wanna swap this around and even if I did. I have no idea where to place this code

How about linking them with an <a></a> tag, and not putting https:// in the link?

ok let me explain my situation.

I’m building exactly something like Disqus but for a private client.
I use Iframe.

So on the iframe I have something like this

<iframe src="//mymeteordomain.com/embed" /> on a website which is at http://www.embedParent-geneve.ch

Now the iframe loads all the files proerly rom my meteor app.

But get this error

Blocked a frame with origin “https://mymeteordomain.com” from accessing a frame with origin “http://www.embedParent-geneve.ch”. The frame requesting access has a protocol of “https”, the frame being accessed has a protocol of “http”. Protocols must match.

1 Like

There is also this message on one of the plugins I use to watch headers change

307: Internal (browser cached) redirect to https://myapp.com/
The server has previously indicated this domain should always be accessed via HTTPS (HSTS Protocol). Chrome has cached this internally, and did not connect to any server for this redirect. Chrome reports this redirect as a “307 Internal Redirect” however this probably would have been a “301 Permanent redirect” originally. You can verify this by clearing your browser cache and visiting the original URL again.
Server IP Address(not available)
Locationhttps://dishdeep.com/
Non-Authoritative-ReasonHSTS

There is a http://serverfault.com/questions/10854/nginx-https-serving-with-same-config-as-http?answertab=active#tab-top

Only if I get some information on best practices to editing nginx conf deployed with MUPX