Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Don't modern browsers automatically redirect http to https?
 help



No they don't. I tried Chrome, Firefox, and Safari. None of them attempted to redirect. They just show a "not secure" warning in the URL bar.

The redirect only happens when it's configured on the web server, set in HSTS, or on a TLD that enforces HTTPS. None of these apply to this website.


Apparently it's not on by default, but all of my browsers do and also warn me whenever a site does not support HTTPS (and require me to explicitly click through to the unencrypted connection).

Not unless the site sends the CSP header to tell it to upgrade to https: https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/...

A client side option to force https might still be useful though. But I can imagine at least some enterprise webapp that would die horribly if you tried this.


Then use a non-buggy browser...



Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: