Details
Description
Several places in the java code and documentation refer to http://www.jalview.org/
These should be changed to https://www.jalview.org/ where possible.
Some java http client calls are made to http:// and are made by a client that does not handle https (and these clients will persist in older installed versions of Jalview, particularly pre-2.11.0, which are still in use so cannot just "go away" by updating the client).
For ongoing releases of Jalview the java http client could be updated to allow https, and these URLs updated.
For the website, it isn't possible to set a global redirect from http to https simply using either HSTS (recommended) or Location headers as the old Java clients do not follow the redirect (and may well ignore HSTS? -- worth checking).
Possibly we could set the web server to issue an HSTS or Location header AS WELL AS serving the original content, which will satisfy both the old-but-still-in-use java clients in old versions of Jalview, and the website and complaints from modern browsers.
These should be changed to https://www.jalview.org/ where possible.
Some java http client calls are made to http:// and are made by a client that does not handle https (and these clients will persist in older installed versions of Jalview, particularly pre-2.11.0, which are still in use so cannot just "go away" by updating the client).
For ongoing releases of Jalview the java http client could be updated to allow https, and these URLs updated.
For the website, it isn't possible to set a global redirect from http to https simply using either HSTS (recommended) or Location headers as the old Java clients do not follow the redirect (and may well ignore HSTS? -- worth checking).
Possibly we could set the web server to issue an HSTS or Location header AS WELL AS serving the original content, which will satisfy both the old-but-still-in-use java clients in old versions of Jalview, and the website and complaints from modern browsers.