GNU bug report logs -
#56468
www.gnu.org doesn't change http: to https:
Previous Next
Reported by: Jerry Peek <jpeek <at> jpeek.com>
Date: Sat, 9 Jul 2022 17:05:02 UTC
Severity: normal
Done: Paul Eggert <eggert <at> cs.ucla.edu>
Bug is archived. No further changes may be made.
Full log
Message #16 received at 56468 <at> debbugs.gnu.org (full text, mbox):
On 7/28/22 12:08, Andrew Engelbrecht via RT wrote:
> We want to support both HTTPS and HTTP, for those who are using old browsers with outdated ciphers, etc. The HSTS rule is there for people who do visit the HTTPS site, so they will automatically use it in the future.
That sort of thing made sense years ago. But nowadays all the top
websites (google.com, youtube.com, facebook.com, wikipedia.org,
twitter.com, reddit.com, amazon.com, etc.) redirect HTTP to HTTPS. For
example:
$ curl --head http://wikipedia.org
HTTP/1.1 301 TLS Redirect
Date: Thu, 28 Jul 2022 20:21:38 GMT
Server: Varnish
X-Varnish: 376727111
X-Cache: cp4029 int
X-Cache-Status: int-front
Server-Timing: cache;desc="int-front", host;desc="cp4029"
Permissions-Policy: interest-cohort=()
Set-Cookie:
WMF-Last-Access=28-Jul-2022;Path=/;HttpOnly;secure;Expires=Mon, 29 Aug
2022 12:00:00 GMT
Set-Cookie:
WMF-Last-Access-Global=28-Jul-2022;Path=/;Domain=.wikipedia.org;HttpOnly;secure;Expires=Mon,
29 Aug 2022 12:00:00 GMT
X-Client-IP: 2603:8001:6407:db8d:2280:c8bd:bd1c:bace
Location: https://wikipedia.org/
Content-Length: 0
Connection: keep-alive
Essentially nobody uses browsers so old that they can't handle this, so
gnu.org might as well do what major websites do. That way, we won't
confuse and/or discourage ordinary users like the person who filed GNU
Bug#56488.
This bug report was last modified 2 years and 296 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.