Hacker News new | comments | show | ask | jobs | submit login

This is yet another reason I'm glad that SPDY is manditory TLS encryption. Shenanigans like this get a lot harder.

I'm hoping we see a lot more SPDY (or plain https) rollouts in the near future.

It's enough that I'm going to try now to https-ify all of my web properties, including adding HTTP Strict Transport Security headers where they aren't.




My personal site, for various reasons including this one, is entirely HTTPS. If you try to access any part of my site by HTTP, you're just redirected to HTTPS.

(this is mostly because I'm too lazy to maintain separate site configurations for HTTPS and HTTP)


Make sure you also set the Strict-Transport-Security header to prevent attacks against the HTTP-to-HTTPS redirect.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact

Search: