undefined | Better HN

0 pointsnailer10y ago0 comments

HTTP version really should redir to HTTPS.

0 comments

That won't really fix anything, anyone who wants to MITM the HTTP can just kill the redirect.

Not with HSTS enabled (which they do have). If you get caught before the first request ever, sure, but you've got bigger problems if that is the case.

j / k navigate · click thread line to collapse

0 comments

eridius10y ago

That won't really fix anything, anyone who wants to MITM the HTTP can just kill the redirect.

Tushon10y ago

Not with HSTS enabled (which they do have). If you get caught before the first request ever, sure, but you've got bigger problems if that is the case.

j / k navigate · click thread line to collapse