>
> You may want to investigate HPKP as well.
>
HPKP is on its way out:
https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning#Browser_support
Cheers,
Paul
--
You received this message because you are subscribed to the Google Groups
"golang-nuts" group.
To unsubscribe from this group and
The best way (currently) to do http->https redirects is to use HSTS:
https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
You may want to investigate HPKP as well.
—dho
On Fri, Dec 29, 2017 at 5:10 AM
Here is a better way to redirect from HTTPS to
HTTP:
https://github.com/nhooyr/redirecthttp/blob/d87881e4fbfddb1614c9d0934ea97c4163903301/main.go#L10-L19
Also, you don't need a secure variable in the handler, just check for r.TLS.
On Thursday, December 28, 2017 at 12:10:16 PM UTC-5, jzs wrote:
