On 7/28/22 15:16, Ian Kelling via RT wrote:
If you
can figure out a good test on the user agent string, please
let us know.
Another possibility is to have the HTTP page load a script from HTTPS,
and if that loads and runs correctly, have the script redirect to HTTPS.
Or the script could do a more-elaborate test, such as checking whether
the browser supports SNI. This should work for the use case prompting
the bug report (a casual user on a modern browser), while not affecting
ancient browsers, curl, etc. And it'd mean you wouldn't need to worry
about maintaining a test based on user agent strings.
There's a 10-year-old serverfault post about doing this with SNI, here:
https://serverfault.com/questions/389806/redirect-to-ssl-only-if-browser-supports-sni
If you don't like the idea of a script, that post also talks about
whitelisting user agents known to support SNI, whicch is more the sort
of thing you're asking for.
