[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug-diffutils] bug#56468: [gnu.org #1853606] Re: bug#56468: www.gnu.org
From: |
Paul Eggert |
Subject: |
[bug-diffutils] bug#56468: [gnu.org #1853606] Re: bug#56468: www.gnu.org doesn't change http: to https: |
Date: |
Fri, 29 Jul 2022 11:39:33 -0700 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.11.0 |
On 7/29/22 00:09, Jerry Peek wrote:
I just pasted http://www.gnu.org/software/diffutils/manual/ into the
address bar on the latest version of six browsers: Firefox, Opera and
Microsoft Edge under Windows 10 and Firefox, Opera and DuckDuckGo
Privacy Browser under Android 12. All ended up with the address
https://www.gnu.org/software/diffutils/manual/ and a padlock or
checkmark showing a "secure" page.
Under older versions of Cygwin on Windows 10 (I'm not sure how to find
the Cygwin version), with GNU wget 1.21.1 and curl 7.76.0, that same
address did not seem to redirect to https:
Yes, I think that was the intent of the recent change. That is,
www.gnu.org now acts more like www.google.com (and as you observed, not
like www.wikipedia.org; see below). Whether this is the "best" is a
matter of opinion, but clearly www.gnu.org is now in good company.
http://www.gnu.org is outputting a useless Strict-Transport-Security:
header but as far as I know that's merely an inefficiency, not a bug.
$ curl --head http://www.gnu.org
HTTP/1.1 200 OK
Date: Fri, 29 Jul 2022 18:24:51 GMT
Server: Apache/2.4.29
Content-Location: home.html
Vary: negotiate,accept-language,Accept-Encoding
TCN: choice
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Frame-Options: sameorigin
X-Content-Type-Options: nosniff
Access-Control-Allow-Origin: (null)
Accept-Ranges: bytes
Cache-Control: max-age=0
Expires: Fri, 29 Jul 2022 18:24:51 GMT
Content-Type: text/html
Content-Language: en
$ curl --head http://www.google.com
HTTP/1.1 200 OK
Content-Type: text/html; charset=ISO-8859-1
P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
Date: Fri, 29 Jul 2022 18:24:59 GMT
Server: gws
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Transfer-Encoding: chunked
Expires: Fri, 29 Jul 2022 18:24:59 GMT
Cache-Control: private
Set-Cookie: 1P_JAR=2022-07-29-18; expires=Sun, 28-Aug-2022 18:24:59 GMT;
path=/; domain=.google.com; Secure
Set-Cookie:
AEC=AakniGNul8AgwlW6sC5rGWuEvD--cweQ2yad1Ikhxj26O6Ch8rBqoR-UOME;
expires=Wed, 25-Jan-2023 18:24:59 GMT; path=/; domain=.google.com;
Secure; HttpOnly; SameSite=lax
Set-Cookie:
NID=511=Yz43SAbjtYepJ9nfKqIqYjWR8jRXOtsC-M9HjFxCcycnwg5msMBkCZan5pfszqFU9umKm50lEvR14itBCequZk0xxIONvmoGa2mY3rku-ncBRywiX8T86qX_p7Elcl5exzGTLlDbDelFxQv7bBDw0os8bovMYIUSnP8izGWI0-A;
expires=Sat, 28-Jan-2023 18:24:59 GMT; path=/; domain=.google.com; HttpOnly
$ curl --head http://www.wikipedia.org
HTTP/1.1 301 TLS Redirect
Date: Fri, 29 Jul 2022 18:25:09 GMT
Server: Varnish
X-Varnish: 123005163
X-Cache: cp1077 int
X-Cache-Status: int-front
Server-Timing: cache;desc="int-front", host;desc="cp1077"
Permissions-Policy: interest-cohort=()
Set-Cookie:
WMF-Last-Access=29-Jul-2022;Path=/;HttpOnly;secure;Expires=Tue, 30 Aug
2022 12:00:00 GMT
Set-Cookie:
WMF-Last-Access-Global=29-Jul-2022;Path=/;Domain=.wikipedia.org;HttpOnly;secure;Expires=Tue,
30 Aug 2022 12:00:00 GMT
X-Client-IP: 2603:8001:6407:db8d:a841:5d39:9c4c:b408
Location: https://www.wikipedia.org/
Content-Length: 0
Connection: keep-alive