Go to insecure staging: http://test.archiveofourown.org
Log out to ensure you're accessing works in chapter-by-chapter mode
Find and access a multi-chapter work, and double check that you are still on the insecure site
Open the Chapter Index, choose a chapter using the select menu, and press "Go"
You are taken to the chapter, but on https://test.archiveofourown.org – the secure site. This is a problem if you're on an older device and can't access the secure site.
You should stay on the insecure site.
Oh, good catch, red! My brain utterly failed to notice the missing insecure subdomain in the second http URL.
To answer the remaining questions, though: handing of subdomains and cnames would be Systems' area, and while we do have a lot of 302 redirects courtesy of redirect_to, not all of them bounce you from insecure to secure. There’s a list of some that do in the linked issues, though.
Yeah, the missing subdomain in the location header of the first response made me suspect that it might be a problem with subdomain handling, where the subdomain never even ends up in Rails. But if it doesn’t happen everywhere, that can’t be the issue.
Visited http://insecure-test.archiveofourown.org/works/1071149/chapters/2140877 (I was logged in, using chapter-by-chapter mode).
Opened Chapter Index, chose the other chapter in the select menu, and pressed "Go". Ended up on http://insecure-test.archiveofourown.org/works/1071149/chapters/2140880.
Looks good, opened a chaptered work, browsed using the “forward” button. Then went to the “fullpage index” which worked as well. Then picked chapters from the dropdown chapter index, worked correctly as well.
Is this supposed to be deployed on Beta, or just on Staging? It still seems to be an issue on insecure.archiveofourown.org.
Never mind, I think it was just my browser behaving badly. Sorry for the false alarm!