Awkwardly, I just emailed out links to pay for Rebuilding Rails with “http://” in front. Like, not “https://”.

Not so good. I was immediately called on it by one of my list subscribers, using my own words! Can I just say how much I love you guys for actually paying attention? People on my mailing list rule.

I considered emailing out an abject apology and hoping I never did it again, until it hit me…

“Hey, wait! I should never allow insecure links to that from anybody. Can’t I just force it https?”

Yup. Here’s what I used:

    if(window.location.protocol != 'https:') {
      location.href = location.href.replace("http://", "https://");

That’s not as good as redirecting to https directly in NGinX, which I may also do. But it’s a great quick fix, and it makes sure that the mistake will be fixed if it happens again.