[S] Unsecured Site Triggering Antispam/Antivirus

Posted: Thu May 28, 2020 8:15 am
by E.D.Revolution
The problem I'm reporting is literally in the title.

A little context:

As I was logging in to check my messages and whatnot, my browser did a Forbidden Error and my antivirus software triggered for "Online Threat Protection." This is because there is no encryption on this website. I'm savvy enough to know that this site is safe relative to other sites on the internet. However, for potential users, it's not fair to expect them to turn down their shields for this website in order to get this site to work for them.

Hell, C-R has encryption protection.

Re: [S] Unsecured Site Triggering Antispam/Antivirus

Posted: Thu May 28, 2020 1:12 pm
by ThePaSch
I'm guessing this is because the site does not utilize HTTPS. I wasn't aware that there's already security software out there that makes it mandatory and blocks any site that doesn't use it - the portion of the web where this is the case is still quite large, I think - but that means there are plenty of benign websites outside of AAO that would get blocked for users of such software.

I don't personally see a reason why we couldn't switch to HTTPS; ever since the Let's Encrypt CA has been a thing, I don't think there's any non-technical excuse not to. This is something that Unas would have to do. Perhaps there are technical reasons why doing it might be a little more difficult than might meet the eye?

Re: [S] Unsecured Site Triggering Antispam/Antivirus

Posted: Sat May 30, 2020 12:31 am
by Enthalpy
I'll bring this to Unas's attention. That's as much as I can do.

Re: [S] Unsecured Site Triggering Antispam/Antivirus

Posted: Mon Jun 01, 2020 3:05 am
by E.D.Revolution
I can tell you exactly what's triggering antivirus/antispam software. Not the fact that I'm using the website, not the fact that I'm logging in (in and of itself, that is). It's the fact that a redirect happens after inputting credentials successfully that's tripping the software. It thinks because AAO doesn't use HTTPS, therefore my account is at risk of being hacked when I input my credentials.

Re: [S] Unsecured Site Triggering Antispam/Antivirus

Posted: Mon Aug 17, 2020 10:17 pm
by Unas
Indeed, that's something that I should fix. Your security suite is correct when it complains.

Back when I was actively working on AAO, setting up for HTTPS was costly so I didn't do it; it became free a few years ago but then I wasn't so active anymore and never took the time.

I just took a bit of time this evening to enable it; normally you can now access the site through https://www.aaonline.fr/.
Let me know if you have any issue that way.

I'm not enabling automatic redirection to force users to use HTTPS yet, first to make sure that everything works fine, and because I'll have to plan a general upgrade of the server in the next few months (the current one is getting very old).

Re: [S] Unsecured Site Triggering Antispam/Antivirus

Posted: Tue Aug 18, 2020 12:08 am
by E.D.Revolution
I'm surfing with the HTTPS and re-upped the security suite. So far, nothing is tripping and everything is working fine so far.

Re: [S] Unsecured Site Triggering Antispam/Antivirus

Posted: Tue Sep 01, 2020 4:20 am
by Enthalpy
I'm going to lock the topic to mark it as closed. If new issues come up, please make a new topic.

Again, thanks for the report!