undefined | Better HN

0 pointsp1mrx2y ago0 comments

Nice. I see that https://httpforever.com/ exists with a 301 redirect to http://httpforever.com/, but that's probably good enough for most practical purposes.

0 comments

notatoad2y ago

that appears to also be what neverssl is doing - they support https only for the purposes of redirecting to a non-ssl domain

p1mrxOP2y ago

Nope, when I go to neverssl.com, it ultimately lands on an HTTPS url, e.g. https://shinyquietbrightsong.neverssl.com/online/

Edit: I'm running Chrome OS 113 beta. Maybe they changed something recently, to automatically use HTTPS unless prohibited by the server? This also happens in Guest mode with no extensions.

0xffff22y ago

Do you have HTTPS Everywhere or a similar plugin installed? If you look at the page source, it's "redirecting" in a script with this line:

    window.location.href = 'http://' + prefix + '.neverssl.com/online'

I get a plain http page on Firefox/Ubuntu.

marcosdumay2y ago

It is your browser doing that redirect, not the side.

The http://neverssl.com ends up on an http page, and so does https://neverssl.com. But that final page (the one you posted) does not itself redirect from https to http.

0xffff22y ago

neverssl seems to be doing some weird thing where it uses Javascript to load a non-https link rather than an actual redirect. I can't for the life of me guess why that would be better than a simple 301 redirect.

re2y ago

https://news.ycombinator.com/item?id=35792149

The primary goal of NeverSSL is to be useful on networks with captive portals that intercept HTTP and block HTTPS (until you have signed in). The JavaScript redirect is at least browser cacheable, whereas a 301 redirect sent via HTTPS would be useless in that scenario as it would fail to load.

1 more reply

pabs32y ago

"Firefox has detected that the server is redirecting the request for this address in a way that will never complete."

j / k navigate · click thread line to collapse

0 comments

notatoad2y ago

that appears to also be what neverssl is doing - they support https only for the purposes of redirecting to a non-ssl domain

p1mrxOP2y ago

Nope, when I go to neverssl.com, it ultimately lands on an HTTPS url, e.g. https://shinyquietbrightsong.neverssl.com/online/

Edit: I'm running Chrome OS 113 beta. Maybe they changed something recently, to automatically use HTTPS unless prohibited by the server? This also happens in Guest mode with no extensions.

0xffff22y ago

Do you have HTTPS Everywhere or a similar plugin installed? If you look at the page source, it's "redirecting" in a script with this line:

    window.location.href = 'http://' + prefix + '.neverssl.com/online'

I get a plain http page on Firefox/Ubuntu.

marcosdumay2y ago

It is your browser doing that redirect, not the side.

The http://neverssl.com ends up on an http page, and so does https://neverssl.com. But that final page (the one you posted) does not itself redirect from https to http.

0xffff22y ago

re2y ago

https://news.ycombinator.com/item?id=35792149

1 more reply

pabs32y ago

"Firefox has detected that the server is redirecting the request for this address in a way that will never complete."

j / k navigate · click thread line to collapse