Re: httpd: redirect to https, or www, or non-www

2014-12-24 Thread Stuart Henderson
On 2014/12/24 06:44, Carlin Bingham wrote: nginx and apache support url rewriting, letting you redirect from arbitrary urls with pattern matching. In my experience the primary uses for this are to redirect from http to https or to remove/add www in the hostname, so I thought it might be

Re: httpd: redirect to https, or www, or non-www

2014-12-24 Thread Carlin Bingham
On Wed, 24 Dec 2014, at 11:03 PM, Stuart Henderson wrote: On 2014/12/24 06:44, Carlin Bingham wrote: nginx and apache support url rewriting, letting you redirect from arbitrary urls with pattern matching. In my experience the primary uses for this are to redirect from http to https or to

Re: httpd: redirect to https, or www, or non-www

2014-12-24 Thread Stuart Henderson
On 2014/12/25 01:10, Carlin Bingham wrote: On Wed, 24 Dec 2014, at 11:03 PM, Stuart Henderson wrote: On 2014/12/24 06:44, Carlin Bingham wrote: nginx and apache support url rewriting, letting you redirect from arbitrary urls with pattern matching. In my experience the primary uses for

Re: httpd: redirect to https, or www, or non-www

2014-12-24 Thread Anthony J. Bentley
Stuart Henderson writes: My plan was to propose a way to set the HSTS header if this proposal was well received, since there isn't much point having a built-in way to set the header if you're still having to use FCGI anyway to do the redirects. I think there is still point in that; even

Re: httpd: redirect to https, or www, or non-www

2014-12-24 Thread Stuart Henderson
On 2014/12/24 05:38, Anthony J. Bentley wrote: There's not really any good way to prevent the case of the first time user accesses example.com is by typing example.com instead of https://example.com into the address bar. Firefox and Chrome attempt to solve this with a preloaded list of

Re: httpd: redirect to https, or www, or non-www

2014-12-23 Thread trondd
On Tue, Dec 23, 2014 at 12:44 PM, Carlin Bingham c...@viennan.net wrote: nginx and apache support url rewriting, letting you redirect from arbitrary urls with pattern matching. In my experience the primary uses for this are to redirect from http to https or to remove/add www in the hostname,

Re: httpd: redirect to https, or www, or non-www

2014-12-23 Thread Bob Beck
Making insecure redirects that the attacker can manipulate arbitrarily is worse than dumb, because it trains users to like it. I do not think we should be propagating such thinking. On Tue, Dec 23, 2014 at 10:44 AM, Carlin Bingham c...@viennan.net wrote: nginx and apache support url