[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug-diffutils] bug#56468: [gnu.org #1853606] Re: bug#56468: www.gnu.org
From: |
Paul Eggert |
Subject: |
[bug-diffutils] bug#56468: [gnu.org #1853606] Re: bug#56468: www.gnu.org doesn't change http: to https: |
Date: |
Thu, 28 Jul 2022 13:23:58 -0700 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.11.0 |
On 7/28/22 12:08, Andrew Engelbrecht via RT wrote:
We want to support both HTTPS and HTTP, for those who are using old browsers
with outdated ciphers, etc. The HSTS rule is there for people who do visit the
HTTPS site, so they will automatically use it in the future.
That sort of thing made sense years ago. But nowadays all the top
websites (google.com, youtube.com, facebook.com, wikipedia.org,
twitter.com, reddit.com, amazon.com, etc.) redirect HTTP to HTTPS. For
example:
$ curl --head http://wikipedia.org
HTTP/1.1 301 TLS Redirect
Date: Thu, 28 Jul 2022 20:21:38 GMT
Server: Varnish
X-Varnish: 376727111
X-Cache: cp4029 int
X-Cache-Status: int-front
Server-Timing: cache;desc="int-front", host;desc="cp4029"
Permissions-Policy: interest-cohort=()
Set-Cookie:
WMF-Last-Access=28-Jul-2022;Path=/;HttpOnly;secure;Expires=Mon, 29 Aug
2022 12:00:00 GMT
Set-Cookie:
WMF-Last-Access-Global=28-Jul-2022;Path=/;Domain=.wikipedia.org;HttpOnly;secure;Expires=Mon,
29 Aug 2022 12:00:00 GMT
X-Client-IP: 2603:8001:6407:db8d:2280:c8bd:bd1c:bace
Location: https://wikipedia.org/
Content-Length: 0
Connection: keep-alive
Essentially nobody uses browsers so old that they can't handle this, so
gnu.org might as well do what major websites do. That way, we won't
confuse and/or discourage ordinary users like the person who filed GNU
Bug#56488.