[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug-diffutils] bug#56468: [gnu.org #1853606] Re: bug#56468: www.gnu.org

From: Paul Eggert
Subject: [bug-diffutils] bug#56468: [gnu.org #1853606] Re: bug#56468: www.gnu.org doesn't change http: to https:
Date: Thu, 28 Jul 2022 13:23:58 -0700
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.11.0

On 7/28/22 12:08, Andrew Engelbrecht via RT wrote:

We want to support both HTTPS and HTTP, for those who are using old browsers 
with outdated ciphers, etc. The HSTS rule is there for people who do visit the 
HTTPS site, so they will automatically use it in the future.

That sort of thing made sense years ago. But nowadays all the top websites (google.com, youtube.com, facebook.com, wikipedia.org, twitter.com, reddit.com, amazon.com, etc.) redirect HTTP to HTTPS. For example:

  $ curl --head http://wikipedia.org
  HTTP/1.1 301 TLS Redirect
  Date: Thu, 28 Jul 2022 20:21:38 GMT
  Server: Varnish
  X-Varnish: 376727111
  X-Cache: cp4029 int
  X-Cache-Status: int-front
  Server-Timing: cache;desc="int-front", host;desc="cp4029"
  Permissions-Policy: interest-cohort=()
Set-Cookie: WMF-Last-Access=28-Jul-2022;Path=/;HttpOnly;secure;Expires=Mon, 29 Aug 2022 12:00:00 GMT Set-Cookie: WMF-Last-Access-Global=28-Jul-2022;Path=/;Domain=.wikipedia.org;HttpOnly;secure;Expires=Mon, 29 Aug 2022 12:00:00 GMT
  X-Client-IP: 2603:8001:6407:db8d:2280:c8bd:bd1c:bace
  Location: https://wikipedia.org/
  Content-Length: 0
  Connection: keep-alive

Essentially nobody uses browsers so old that they can't handle this, so gnu.org might as well do what major websites do. That way, we won't confuse and/or discourage ordinary users like the person who filed GNU Bug#56488.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]