For Workes & Pages, what is the name of the domain?
na.tld
What is the isssue or error you’re encountering
Cloudflare Pages sites are not available over HTTP Only connection, they always redirect to HTTPS, even if SSL is disabled for the domain.
What steps have you taken to resolve the issue?
Disabling SSL causes a redirection error when a secure connection cannot be established. Setting SSL to flexible should make SSL optional, but still redirects. I’ve also tried disabling always use HTTPS, and even automatic HTTPS rewrites.
Issue is not domain or site specific, it occurs irrespective of domain or site in question. This is obviously some kind of bug as it should honour my preference for SSL.
What are the steps to reproduce the issue?
Create any Cloudflare Pages site, attach a domain, disable SSL and always use HTTPS and automatic HTTPS rewrites, you will not see your site.
As the sites are static and do not accept user input, there is no technical reason why HTTP only connections should not be permitted. Why would there be a setting to disable SSL for a domain if the site was not permitted to be viewed over HTTP?
I’m not saying I want SSL/HTTPS to not be available, just the redirection to HTTPS to be disabled so it is optional. I have projects in the works that aim to work as far back as IE5, and any SSL enabled site won’t work there, so need SSL to be optional or CFP is not suitable for my static sites. The only thing causing them not to work is the SSL issue. I have tested the projects locally and hosted elsewhere over an HTTP connection and they work beautifully.
Just to clarify, SSL is optional if you host the site elsewhere and use CF as proxy, so the capability for optional SSL is there, it is just not working right for pages service, and this should be fixed. The best option would be for CF to add a setting to choose how SSL works for a pages site, that way the redirection can be enabled or disabled as per user preference not CF preference like it works for sites that just use CF as proxy.
Pages is a site hosting platform intended to push for good. It defaults to TLS 1.2, the currently lowest secure version. It defaults to HTTPS. It runs on Cloudflare’s large and fast network.
Thank you for showing that to me, it is quite interesting to see how dangerous it can be to not use HTTPS.
I still think the decision to make a website use HTTPS should be made by the website owner, not the platform. Cloudflare already gives us this decision making power for websites hosted elsewhere where the proxy is enabled (Orange cloud), and also Cloudflare R2 supports optional HTTPS as well, which I have already successfully tested, so it makes absolutely no sense for them to force HTTPS for Pages sites.
HTTPS should be the same across the entire platform, not be optional in some places and forced in others, and in my opinion, it should let the website owner decide what they want for their site through the use of a setting, and honour that setting, not have that setting be ignored.
I explained previously, I have a project in the works that needs to work in IE5 (which I have in a win98 VM), I also have similar projects planned for other older browsers that don’t support modern HTTPS, so I need a solution where I can make HTTPS optional for these projects, and unless the pages service supports this, then I won’t be able to use Pages for these projects, and it will also make me consider whether I should use Pages for any projects with the uncertainty of what else could be confusing and weird about the service.
I have tested and successfully loaded assets hosted on R2 without HTTPS and on IE5 on Win98, and similarly successfully tested a site hosted elsewhere with orange cloud enabled in the same environment without HTTPS, so it is supported on Cloudflare right now, just seems to not work the same on Pages, which is out of character with other services offered by Cloudflare, and I feel this needs looking into.