[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug-diffutils] bug#56468: [gnu.org #1853606] Re: bug#56468: www.gnu.org

From: Paul Eggert
Subject: [bug-diffutils] bug#56468: [gnu.org #1853606] Re: bug#56468: www.gnu.org doesn't change http: to https:
Date: Fri, 29 Jul 2022 11:39:33 -0700
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.11.0

On 7/29/22 00:09, Jerry Peek wrote:
I just pasted http://www.gnu.org/software/diffutils/manual/ into the address bar on the latest version of six browsers: Firefox, Opera and Microsoft Edge under Windows 10 and Firefox, Opera and DuckDuckGo Privacy Browser under Android 12. All ended up with the address https://www.gnu.org/software/diffutils/manual/ and a padlock or checkmark showing a "secure" page.

Under older versions of Cygwin on Windows 10 (I'm not sure how to find the Cygwin version), with GNU wget 1.21.1 and curl 7.76.0, that same address did not seem to redirect to https:

Yes, I think that was the intent of the recent change. That is, www.gnu.org now acts more like www.google.com (and as you observed, not like www.wikipedia.org; see below). Whether this is the "best" is a matter of opinion, but clearly www.gnu.org is now in good company.

http://www.gnu.org is outputting a useless Strict-Transport-Security: header but as far as I know that's merely an inefficiency, not a bug.

$ curl --head http://www.gnu.org
HTTP/1.1 200 OK
Date: Fri, 29 Jul 2022 18:24:51 GMT
Server: Apache/2.4.29
Content-Location: home.html
Vary: negotiate,accept-language,Accept-Encoding
TCN: choice
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Frame-Options: sameorigin
X-Content-Type-Options: nosniff
Access-Control-Allow-Origin: (null)
Accept-Ranges: bytes
Cache-Control: max-age=0
Expires: Fri, 29 Jul 2022 18:24:51 GMT
Content-Type: text/html
Content-Language: en

$ curl --head http://www.google.com
HTTP/1.1 200 OK
Content-Type: text/html; charset=ISO-8859-1
P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
Date: Fri, 29 Jul 2022 18:24:59 GMT
Server: gws
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Transfer-Encoding: chunked
Expires: Fri, 29 Jul 2022 18:24:59 GMT
Cache-Control: private
Set-Cookie: 1P_JAR=2022-07-29-18; expires=Sun, 28-Aug-2022 18:24:59 GMT; path=/; domain=.google.com; Secure Set-Cookie: AEC=AakniGNul8AgwlW6sC5rGWuEvD--cweQ2yad1Ikhxj26O6Ch8rBqoR-UOME; expires=Wed, 25-Jan-2023 18:24:59 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax Set-Cookie: NID=511=Yz43SAbjtYepJ9nfKqIqYjWR8jRXOtsC-M9HjFxCcycnwg5msMBkCZan5pfszqFU9umKm50lEvR14itBCequZk0xxIONvmoGa2mY3rku-ncBRywiX8T86qX_p7Elcl5exzGTLlDbDelFxQv7bBDw0os8bovMYIUSnP8izGWI0-A; expires=Sat, 28-Jan-2023 18:24:59 GMT; path=/; domain=.google.com; HttpOnly

$ curl --head http://www.wikipedia.org
HTTP/1.1 301 TLS Redirect
Date: Fri, 29 Jul 2022 18:25:09 GMT
Server: Varnish
X-Varnish: 123005163
X-Cache: cp1077 int
X-Cache-Status: int-front
Server-Timing: cache;desc="int-front", host;desc="cp1077"
Permissions-Policy: interest-cohort=()
Set-Cookie: WMF-Last-Access=29-Jul-2022;Path=/;HttpOnly;secure;Expires=Tue, 30 Aug 2022 12:00:00 GMT Set-Cookie: WMF-Last-Access-Global=29-Jul-2022;Path=/;Domain=.wikipedia.org;HttpOnly;secure;Expires=Tue, 30 Aug 2022 12:00:00 GMT
X-Client-IP: 2603:8001:6407:db8d:a841:5d39:9c4c:b408
Location: https://www.wikipedia.org/
Content-Length: 0
Connection: keep-alive

reply via email to

[Prev in Thread] Current Thread [Next in Thread]