Re: misc/56220: http://man.netbsd.org should redirect to https://man.netbsd.org

To: kim%netbsd.org@localhost, gnats-admin%netbsd.org@localhost, netbsd-bugs%netbsd.org@localhost, jschauma%netmeister.org@localhost
Subject: Re: misc/56220: http://man.netbsd.org should redirect to https://man.netbsd.org
From: Kimmo Suominen <kim%netbsd.org@localhost>
Date: Mon, 31 May 2021 07:30:02 +0000 (UTC)

The following reply was made to PR misc/56220; it has been noted by GNATS.

From: Kimmo Suominen <kim%netbsd.org@localhost>
To: gnats-bugs%netbsd.org@localhost
Cc: 
Subject: Re: misc/56220: http://man.netbsd.org should redirect to
 https://man.netbsd.org
Date: Mon, 31 May 2021 10:25:55 +0300

 I added a check for the Upgrade-Insecure-Requests header in the incoming
 request. If it is set to "1", the server will respond with a redirect to
 HTTPS instead of serving the manual page.

 This is only done for manual page content (as opposed to robots.txt or
 the site icon, etc.) but since the first request in typical use is for
 a manual page, this should cover upgrading users with modern browsers
 and avoiding the browser warning about an insecure site.

 Here is a link to an example I used as inspiration:
 https://blog.kutej.net/2018/06/Nginx-redirect-on-Upgrade-Insecure-Requests-1

 I wonder if I should also set the HSTS header if the request also came
 in over HTTPS already. I probably should...

 Cheers,
 + Kimmo

Prev by Date: Re: misc/56220 (http://man.netbsd.org should redirect to https://man.netbsd.org)
Next by Date: Re: toolchain/55837 (GCC 9.3 g++ generates wrong codes for hard-float arm)
Previous by Thread: Re: misc/56220: http://man.netbsd.org should redirect to https://man.netbsd.org
Next by Thread: Re: misc/56220: http://man.netbsd.org should redirect to https://man.netbsd.org
Indexes:

Home | Main Index | Thread Index | Old Index