SSL sign up issues

[loleg]

While an SSL certificate is present on the site (thanks Augusto in #102 for checking), HTTP is not redirected to HTTPS as it should. Furthermore, the site is shown as not completely secure because the absolute link to the newsletter sign-up is to an HTTP resources. We should probably just point this to the GitHub issues and appropriate Discourse forum.

The specific error in the dev console is:

Mixed Content: The page at 'https://publicbodies.org/' was loaded over a secure connection, but contains a form that targets an insecure endpoint 'http://lists.okfn.org/mailman/subscribe/okfn-labs'. This endpoint should be made available over a secure connection.

[augusto-herrmann]

I have replaced the HTTP link on that old form in PR #108.

For the HTTP -> HTTPS redirection to work, however, it would be necessary to change the application code. But this is ancient node.js, and before changing it it would be advisable to upgrade it to a more recent node.js version. That also means updating / getting rid of all those deprecated and obsolete dependencies:

npm WARN deprecated [email protected]: Updated API and improved functionality.
npm WARN deprecated [email protected]: Legacy versions of mkdirp are no longer supported. Please update to mkdirp 1.x. (Note that the API surface has changed to use Promises in 1.x.)
npm WARN deprecated [email protected]: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated [email protected]: this library is no longer supported

> [email protected] install /home/node/portal/node_modules/leveldown
> node-gyp-build

npm notice created a lockfile as package-lock.json. You should commit this file.
npm WARN [email protected] license should be a valid SPDX license expression

added 159 packages from 149 contributors and audited 160 packages in 11.598s

13 packages are looking for funding
  run `npm fund` for details

found 29 vulnerabilities (10 low, 11 moderate, 7 high, 1 critical)
  run `npm audit fix` to fix them, or `npm audit` for details

I tried to do it, but then got an error:

internal/modules/cjs/loader.js:818
  throw err;
  ^

Error: Cannot find module '/home/node/portal/express'
    at Function.Module._resolveFilename (internal/modules/cjs/loader.js:815:15)
    at Function.Module._load (internal/modules/cjs/loader.js:667:27)
    at Function.executeUserEntryPoint [as runMain] (internal/modules/run_main.js:60:12)
    at internal/main/run_main_module.js:17:47 {
  code: 'MODULE_NOT_FOUND',
  requireStack: []
}

which is strange, as the express package is installed.

I suspect that to modernize Javascript and node.js on this application would require rewriting a good chunk of it and would also be beyond my current ability in this area.

[augusto-herrmann]

I created issue #110 and drafted PR #111 to try to solve this. Once we can get the site running on modern code, I think adding the HTTP -> HTTPS redirect should be easy.