Default to HTTPS

Chrome peer-pressuring us by locking Notification behind HTTPS... they
also lock plenty of other things behind HTTPS and the trade-off seems
worth-it now.

.htaccess

@@ -16,8 +16,10 @@ AddType application/x-web-app-manifest+json .webapp
 <IfModule mod_rewrite.c>
 RewriteEngine on
 
-RewriteCond %{HTTP:X-Forwarded-Proto} ^https$
-RewriteRule ^(.*) - [E=P_SUFFIX:s]
+RewriteCond %{HTTP:X-Forwarded-Proto} ^http$
+RewriteCond %{HTTP_HOST} ^play\.pokemonshowdown\.com$ [NC]
+RewriteCond %{QUERY_STRING} !^insecure [NC]
+RewriteRule ^([A-Za-z0-9-]*)$ https://play.pokemonshowdown.com/$1 [R=307,NE,L]
 
 # basic stuff
 RewriteCond %{HTTP_HOST} ^play\.pokemonshowdown\.com$ [NC]
@@ -44,20 +46,22 @@ RewriteCond %{HTTP_HOST} ^play\.pokemonshowdown\.com$ [NC]
 RewriteRule ^contact\/?$ http://pokemonshowdown.com/contact [R=302,L]
 RewriteCond %{HTTP_HOST} ^play\.pokemonshowdown\.com$ [NC]
 RewriteRule ^dex\/?$ http://dex.pokemonshowdown.com/ [R=302,L]
+RewriteCond %{HTTP_HOST} ^play\.pokemonshowdown\.com$ [NC]
+RewriteRule ^insecure\/?$ http://play.pokemonshowdown.com/?insecure [R=302,L]
 
 RewriteCond %{HTTP_HOST} ^www\.play\.pokemonshowdown\.com$ [NC]
-RewriteRule ^(.*) http%{ENV:P_SUFFIX}://play.pokemonshowdown.com/$1 [R=301,L]
+RewriteRule ^(.*) https://play.pokemonshowdown.com/$1 [R=301,L]
 
 RewriteRule ^style/fonts?/.*?\.(eot|svg|ttf|woff|woff2)$ - [E=SAFE_RESOURCE:1]
 Header set Access-Control-Allow-Origin * env=SAFE_RESOURCE
 
 # Redirect old battles to their corresponding replay
 # RewriteCond %{HTTP_HOST} ^play\.pokemonshowdown\.com$ [NC]
-# RewriteRule ^battle-([a-z0-9]+-[12][0-9]{8})$ http%{ENV:P_SUFFIX}://replay.pokemonshowdown.com/$1 [R=302,L]
+# RewriteRule ^battle-([a-z0-9]+-[12][0-9]{8})$ https://replay.pokemonshowdown.com/$1 [R=302,L]
 RewriteCond %{HTTP_HOST} ^play\.pokemonshowdown\.com$ [NC]
-RewriteRule ^battle-([a-z0-9]+-[0-9]{8})$ http%{ENV:P_SUFFIX}://replay.pokemonshowdown.com/$1 [R=302,L]
+RewriteRule ^battle-([a-z0-9]+-[0-9]{8})$ https://replay.pokemonshowdown.com/$1 [R=302,L]
 RewriteCond %{HTTP_HOST} ^play\.pokemonshowdown\.com$ [NC]
-RewriteRule ^battle-([a-z0-9]+)$ http%{ENV:P_SUFFIX}://replay.pokemonshowdown.com/$1 [R=302,L]
+RewriteRule ^battle-([a-z0-9]+)$ https://replay.pokemonshowdown.com/$1 [R=302,L]
 
 # TODO: fix bug where you can't join lobby directly
 RewriteRule ^lobby/?$ / [R=301,L]
@@ -89,13 +93,13 @@ RewriteCond %{REMOTE_ADDR} !=162.243.13.96
 RewriteCond %{HTTP:CF-Connecting-IP} !=173.252.196.254
 RewriteCond %{HTTP:CF-Connecting-IP} !=198.27.67.31
 RewriteCond %{HTTP:CF-Connecting-IP} !=162.243.13.96
-RewriteRule .* http%{ENV:P_SUFFIX}://pokemonshowdown.com/ [R=303,L]
+RewriteRule ^.* https://pokemonshowdown.com/ [R=303,L]
 
-RewriteRule ^replay/battle-([A-Za-z0-9-]+)$ http%{ENV:P_SUFFIX}://pokemonshowdown.com/replay/$1 [R=302,L]
+RewriteRule ^replay/battle-([A-Za-z0-9-]+)$ https://replay.pokemonshowdown.com/$1 [R=302,L]
 RewriteRule ^replay/turn_(.+)\.png$ replay/turn-image.php?data=$1 [L,QSA]
 
 RewriteCond %{QUERY_STRING} !output=html
-RewriteRule ^ladder\.php$ http%{ENV:P_SUFFIX}://pokemonshowdown.com/ladder/ [R=301,L]
+RewriteRule ^ladder\.php$ https://pokemonshowdown.com/ladder/ [R=301,L]
 
 RewriteRule ^~~([^:/]*)(:[0-9]*)?/action\.php$ action.php?serverid=$1 [L,QSA]
 RewriteRule ^~~([^:/]*)(/.*)?$ http://$1.psim.us$2 [R=301,L]

js/client-teambuilder.js

@@ -321,6 +321,9 @@
 				buf += '<h2>Hi</h2>';
 				buf += '<p>Did you have a good day?</p>';
 				buf += '<p><button class="button" name="greeting" value="Y"><i class="fa fa-smile-o"></i> Yes, my day was pretty good</button> <button class="button" name="greeting" value="N"><i class="fa fa-frown-o"></i> No, it wasn\'t great</button></p>';
+				if (Storage.teams && !Storage.teams.length) {
+					buf += '<p><a style="color:#AA2222;text-decoration:none" href="http://play.pokemonshowdown.com/recoverteams.html" target="blank">Some people have reported losing their teams in our switch to HTTPS. If that\'s you, use this <u><b>Team Recovery Tool</b></u> to get your teams back.</a></p>';
+				}
 				buf += '<h2>All teams</h2>';
 			} else {
 				if (this.curFolder.slice(-1) === '/') {

js/client.js

@@ -726,12 +726,6 @@
 			this.socket.onclose = function () {
 				if (!socketopened) {
 					if (Config.server.altport && !altport) {
-						if (document.location.protocol === 'https:') {
-							if (confirm("Could not connect with HTTPS. Try HTTP?")) {
-								return document.location.replace('http://' +
-									document.location.host + document.location.pathname);
-							}
-						}
 						altport = true;
 						Config.server.port = Config.server.altport;
 						self.socket = reconstructSocket(self.socket);
@@ -2513,7 +2507,11 @@
 
 			if (data.cantconnect) {
 				buf += '<p class="error">Couldn\'t connect to server!</p>';
-				buf += '<p class="buttonbar"><button type="submit">Retry</button> <button name="close">Work offline</button></p>';
+				if (document.location.protocol === 'https:') {
+					buf += '<p class="buttonbar"><button type="submit"><strong>Retry</strong></button> <button name="tryhttp">Retry with HTTP</button> <button name="close">Work offline</button></p>';
+				} else {
+					buf += '<p class="buttonbar"><button type="submit"><strong>Retry</strong></button> <button name="close">Work offline</button></p>';
+				}
 			} else if (data.message && data.message !== true) {
 				buf += '<p>' + data.message + '</p>';
 				buf += '<p class="buttonbar"><button type="submit" class="autofocus"><strong>Reconnect</strong></button> <button name="close">Work offline</button></p>';
@@ -2525,6 +2523,10 @@
 			buf += '</form>';
 			this.$el.html(buf);
 		},
+		tryhttp: function () {
+			document.location.replace('http://' +
+				document.location.host + document.location.pathname + '?insecure');
+		},
 		submit: function (data) {
 			document.location.reload();
 		}

package.json

@@ -2,7 +2,7 @@
   "name": "pokemon-showdown-client",
   "version": "0.11.0",
   "author": "Guangcong Luo <[email protected]> (http://guangcongluo.com)",
-  "homepage": "http://play.pokemonshowdown.com",
+  "homepage": "https://pokemonshowdown.com",
   "license": "AGPL-3.0",
   "repository": {
     "type": "git",

recoverteams.html

@@ -0,0 +1,35 @@
+<!DOCTYPE html>
+<script>
+	Config = {};
+	exports = window;
+	if (location.protocol === 'https:') location.replace('http://play.pokemonshowdown.com/recoverteams.html')
+</script>
+<script src="//play.pokemonshowdown.com/js/lib/jquery-2.1.4.min.js"></script>
+<script src="//play.pokemonshowdown.com/data/pokedex.js?ca7cba96"></script>
+<script src="//play.pokemonshowdown.com/data/moves.js?70de5a3d"></script>
+<script src="//play.pokemonshowdown.com/data/items.js?1e79955f"></script>
+<script src="//play.pokemonshowdown.com/data/abilities.js?8803a95c"></script>
+	<script src="//play.pokemonshowdown.com/data/pokedex-mini.js?d37cc7ad"></script>
+	<script src="//play.pokemonshowdown.com/data/typechart.js?72ddddb8"></script>
+<script src="js/battledata.js"></script>
+<script src="js/storage.js"></script>
+Instructions:
+<ol>
+<li>Copy the text in the big text box below
+<li>Go to <a href="https://play.pokemonshowdown.com/teambuilder">https://play.pokemonshowdown.com/teambuilder</a></li>
+<li>Click "Backup/Restore all teams" near the bottom</li>
+<li>Paste the text you copied to the bottom</li>
+<li>Click "Save"</li>
+</ol>
+<textarea rows="20" cols='80'></textarea>
+<script>
+	Storage.loadPackedTeams(localStorage.getItem('showdown_teams_local') || localStorage.getItem('showdown_teams'));
+	try {
+		$('textarea').val(Storage.exportAllTeams());
+	} catch (e) {
+		$('textarea').val('' + e);
+	}
+	if (!$('textarea').val()) {
+		document.body.innerHTML = 'Sorry, you have no teams stored here';
+	}
+</script>

showdown.webapp

@@ -11,7 +11,7 @@
   },
   "developer": {
     "name": "Guangcong Luo",
-    "url": "http://pokemonshowdown.com/"
+    "url": "https://pokemonshowdown.com/"
   },
   "installs_allowed_from": [
     "https://appstore.mozillalabs.com",