rugk

BTW, because I think you are talking about different things here: Of course, I only mean the official server/website. When someone self-hosts the server, he/she can of course do whatever...

Of course you need to allow https in the api. And as said, if of uses a different server then this does not apply. (I'm just talking about the usual...

Okay, I see. But you could still redirect the user, when the main site is visited. Or maybe better idea:Make a legacy subdomain (http.overpass-api.org), which uses HTTPS and allows to...

Indeed, the API domain should stay compatible of course, and in this way it does not need to change.

BTW I am also talking about the share dialog. This also always gives HTTP links. It should, however, (especially when the site is accessed via HTTPS) give HTTPS links.

See also: OpenStreetMap.org issue about [HTTPS](https://github.com/openstreetmap/operations/issues/117).

Yet there is another link: The shortlinks generated when sharing a query can also be accessed via HTTPS, but they always redirect to the HTTP version…

I'd still argue for having a "http.overpass-turbo.eu" domain, which can be accessed via HTTP and the default one just uses HTTPS. As the default Overpass-API server supports HTTPS and, I...

As for data migration I only found: https://stackoverflow.com/questions/46509174/migrate-localstorage-data-from-http-to-https Otherwise you maybe just need a "export" and "import" feature for the user. That may also generally be a nice thing, so...

Yeah obviously you may have some "migration time" (some months or so), where users can export and import their stuff. In that time, you can already enable the HTTPS redirect,...