On Sun, Dec 31, 2017 at 04:31:00PM +0100, Valentin Brandl wrote: > Hi there, > I'm starting to build a mirror for the tor project. The instructions > page states `Try not to redirect http to https. Many places in the world > cannot use https due to local or national firewalls`. > > Since there should be no redirect, should I also stop sending HSTS > headers when the page is visited via https? Also should or shouldn't I > insert my site into the HSTS preload list?
Thanks everybody for the useful discussion here. I think the right answer for mirror providers is "each person should do whatever they think is best/easiest" -- that should result in some diversity, where hopefully there will be some mirrors that can handle whatever weird situation the censored users find themselves in. If somebody wants to write a patch for the mirror page: https://gitweb.torproject.org/project/web/webwml.git/plain/docs/en/running-a-mirror.wml so it says more reasonable things, that would be great. Thanks! --Roger _______________________________________________ tor-mirrors mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-mirrors
