NetBSD-Bugs archive
Re: misc/56220: http://man.netbsd.org should redirect to https://man.netbsd.org
The following reply was made to PR misc/56220; it has been noted by GNATS.
From: Kimmo Suominen <kim%netbsd.org@localhost>
To: gnats-bugs%netbsd.org@localhost
Cc:
Subject: Re: misc/56220: http://man.netbsd.org should redirect to
https://man.netbsd.org
Date: Tue, 1 Jun 2021 07:03:40 +0300

On Mon, May 31, 2021 at 10:50:02PM +0000, Jan Schaumann wrote:
> Do we believe there is a non-negligible number of users who access
> the site using a mechanism that can't speak https?

Yes, that's what I've been told. However, it appears to be a set of
users elusive enough that I was unable to find a specimen to test or
discuss with. So I used the following logic:

- Preserve access over http.
- If the browser sends "Upgrade-Insecure-Requests: 1" over http,
  redirect it to https.
- If the browser checks the HSTS preload list, it likely also sends
  "Upgrade-Insecure-Requests: 1" over http. Thus preload is unlikely to
  break anyone's http access.

Current versions of Chrome, Firefox, and Safari all now get redirected
to https without displaying a "Not Secure" warning. Yet I can still
use "lynx man.netbsd.org" to browse the site over http without being
redirected to https.

Most requests made to man.netbsd.org, by the way, are from various
spiders using a mix of http and https requests. They outnumber humans by
a huge margin in their number of visits to the site. From the relatively
brief period of log watching, it would appear that they do not send
"Upgrade-Insecure-Requests: 1" over http, as they are not getting the
redirect response.

Finally, to reiterate your request: the problem you reported was that
modern browsers display a "Not Secure" notification when visiting the
site. I believe this has now been addressed, so that it no longer
happens.

If it has not been fixed, it would be helpful to know how to reproduce
the problem.

If there are additional issues, please open a new PR to report them.
Please consider opening multiple PRs if the issues are not closely
related, as it will make it easier to address each issue individually.

Thanks,
+ Kimmo
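
The redirect logic described in the message above, sketched as an added example that is not part of the original message and is not the man.netbsd.org server configuration. The function names, the 307 status, the Vary header and the HSTS value are assumptions made for illustration; the sample requests are constructed.

```python
# Added illustration; not the man.netbsd.org server configuration.
HSTS_VALUE = "max-age=31536000; includeSubDomains; preload"  # assumed policy value


def decide(scheme, host, path, headers):
    """Return (status, response_headers) for one request.

    scheme is "http" or "https"; headers is a dict of request headers.
    """
    # HTTP header names are case-insensitive, so normalise before lookup.
    req = {k.lower(): v.strip() for k, v in headers.items()}

    if scheme == "https":
        # Browsers only honour HSTS when it arrives over https.
        return 200, {"Strict-Transport-Security": HSTS_VALUE}

    # The same http URL now has two possible responses, so shared caches
    # must key on the request header that selects between them.
    resp = {"Vary": "Upgrade-Insecure-Requests"}

    if req.get("upgrade-insecure-requests") == "1":
        # The client has declared it can handle https: send it there.
        resp["Location"] = f"https://{host}{path}"
        return 307, resp

    # No upgrade signal (lynx, most spiders): keep serving over http.
    return 200, resp


# Constructed sample requests (not taken from real logs).
SAMPLES = [
    ("browser", "http", {"Upgrade-Insecure-Requests": "1"}),
    ("lynx", "http", {"User-Agent": "Lynx"}),
    ("spider", "http", {"User-Agent": "ExampleBot"}),
    ("browser-tls", "https", {"upgrade-insecure-requests": "1"}),
]


def run_samples():
    """Map each constructed sample name to the status it would receive."""
    return {name: decide(scheme, "man.netbsd.org", "/", hdrs)[0]
            for name, scheme, hdrs in SAMPLES}


if __name__ == "__main__":
    for name, status in run_samples().items():
        print(name, status)
```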