GNU bug report logs -
#56468
www.gnu.org doesn't change http: to https:
Previous Next
Reported by: Jerry Peek <jpeek <at> jpeek.com>
Date: Sat, 9 Jul 2022 17:05:02 UTC
Severity: normal
Done: Paul Eggert <eggert <at> cs.ucla.edu>
Bug is archived. No further changes may be made.
Full log
Message #19 received at 56468 <at> debbugs.gnu.org (full text, mbox):
On 7/28/22 15:16, Ian Kelling via RT wrote:
> If you
> can figure out a good test on the user agent string, please
> let us know.
Another possibility is to have the HTTP page load a script from HTTPS,
and if that loads and runs correctly, have the script redirect to HTTPS.
Or the script could do a more-elaborate test, such as checking whether
the browser supports SNI. This should work for the use case prompting
the bug report (a casual user on a modern browser), while not affecting
ancient browsers, curl, etc. And it'd mean you wouldn't need to worry
about maintaining a test based on user agent strings.
There's a 10-year-old serverfault post about doing this with SNI, here:
https://serverfault.com/questions/389806/redirect-to-ssl-only-if-browser-supports-sni
If you don't like the idea of a script, that post also talks about
whitelisting user agents known to support SNI, whicch is more the sort
of thing you're asking for.
This bug report was last modified 2 years and 296 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.