undefined | Better HN

0 pointsre2y ago0 comments

https://news.ycombinator.com/item?id=35792149

The primary goal of NeverSSL is to be useful on networks with captive portals that intercept HTTP and block HTTPS (until you have signed in). The JavaScript redirect is at least browser cacheable, whereas a 301 redirect sent via HTTPS would be useless in that scenario as it would fail to load.

0 comments

shawnz2y ago

Isn't a 301 response cacheable?

reOP2y ago

Yes, sorry: the other piece is that NeverSSL wants to redirect to a new domain every time you visit to ensure that the page that you was actually loaded from the network and not from a cache, which a cached 301 to a fixed address wouldn't accomplish.

https://twitter.com/NeverSSL/status/1136488879106666496

mh-2y ago

Depends on the cache control headers, but yes.

j / k navigate · click thread line to collapse