Add the option to force Summon to load over https
In October, Google Chrome release 62 will begin labeling any website loaded over http and containing a form (i.e. every library webpage ever) as "Not Secure." You can read more about that here: https://security.googleblog.com/2017/04/next-steps-toward-more-connection.html
We currently have all our links to and search forms use HTTPS to access Summon, but we can't force all our users onto HTTPS. Since the *.summon.serialssolutions.com wildcard certificate covers every instance of Summon, why not add an option to force all Summon connections to use HTTPS? (Or just make it the default.)
While you're at it, why not add your exlibrisgroup wildcard certificate to your User Voice account so that I can enter a password for this Ideas group on a secure page, rather than an insecure one? ;)
Your institution can now set your site to force redirect to HTTPS. You can turn this on or off for your institution via the Admin Console under Settings under the default General tile; simply turn on the 3rd setting from the top: Force HTTPS via redirect.
-
Virginia Dearborn commented
Yes, please! Forcing HTTPS would be very much appreciated here.
-
Suzy Bailey commented
Great idea. I just want to highlight an issue for us - ProQuest/ExLibris manages our custom script and hosts it at http://local.4libs.org/ - they don't support https to my knowledge, so ideally alternative hosting arrangements would be considered as part of this improvement.
-
Patricia Farnan commented
Three votes for this one!
-
Debby Andreadis commented
This is a great and necessary idea. Thanks for posting it Matthew.