On 25/02/2020 15:53, Felix Schumacher wrote:
> Hi all,
> 
> as more and more browsers are marking http as unsecure, we should
> redirect all http requests to tomcat.apache.org to https.

I really don't like this.

I'm happy to support https for those people that want to use it but I
see no need to require https for everybody for tomcat.apache.org.

We should not be dictating to our users what security / privacy /
caching / performance / etc. trade-offs are appropriate for them. We
should support as many options as possible and let our users decide.

I'm not quite -1 on this but I am close.

Mark


> We can enable that by adding a rewrite rule to the .htaccess file in the
> xdocs folder of our site repo.
> 
> For JMeter we used the following fragment:
> 
> RewriteEngine On
> 
> # Redirect http to https
> # From Cordova PMC Member raphinesse
> # https://s.apache.org/An8s
> 
> # If we receive a forwarded http request from a proxy...
> RewriteCond %{HTTP:X-Forwarded-Proto} =http [OR]
> 
> # ...or just a plain old http request directly from the client
> RewriteCond %{HTTP:X-Forwarded-Proto} =""
> RewriteCond %{HTTPS} !=on
> 
> # Redirect to https version
> RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L]
> 
> Anything against adding this to our .htaccess file?


> 
> Felix
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
> 
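
An added example, not part of either message above: a small Python model of how mod_rewrite evaluates the quoted RewriteCond chain, run over constructed requests. Consecutive conditions are ANDed and `[OR]` binds tighter than the implicit AND, so the fragment is evaluated as (X-Forwarded-Proto is `http` OR X-Forwarded-Proto is empty) AND `%{HTTPS}` is not `on`. The request dictionaries, the `/index.html` path and all function names are assumptions made for illustration.

```python
# Added illustration: models mod_rewrite's RewriteCond chaining for the quoted fragment.
# Request dicts are constructed samples; "xfp" is the X-Forwarded-Proto header
# ("" when absent) and "https" is the %{HTTPS} variable ("on" or "off").

# (label, predicate, has_or_flag) in the order the conditions appear.
CONDS = [
    ('%{HTTP:X-Forwarded-Proto} =http', lambda r: r["xfp"] == "http", True),
    ('%{HTTP:X-Forwarded-Proto} =""', lambda r: r["xfp"] == "", False),
    ('%{HTTPS} !=on', lambda r: r["https"] != "on", False),
]


def chain_matches(conds, req):
    """Conditions are ANDed; a run linked by [OR] forms one group that is
    satisfied by its first true member, so [OR] binds tighter than AND."""
    i = 0
    while i < len(conds):
        _, pred, or_next = conds[i]
        ok = pred(req)
        if or_next and ok:
            # Group satisfied: skip its remaining members unevaluated.
            while i < len(conds) and conds[i][2]:
                i += 1
        elif not or_next and not ok:
            return False
        i += 1
    return True


def redirect_target(req):
    """Return the https URL the RewriteRule would send, or None if it does not fire."""
    if chain_matches(CONDS, req):
        return "https://" + req["host"] + req["uri"]
    return None


def sample(xfp, https):
    return {"xfp": xfp, "https": https, "host": "tomcat.apache.org", "uri": "/index.html"}


CASES = {
    "direct http": sample("", "off"),
    "direct https": sample("", "on"),
    "proxy saw http, backend hop http": sample("http", "off"),
    "proxy saw https, backend hop http": sample("https", "off"),
    "proxy saw http, backend hop https": sample("http", "on"),
    "direct http, client sent X-Forwarded-Proto: https": sample("https", "off"),
}

if __name__ == "__main__":
    for name, req in CASES.items():
        print(f"{name:50} -> {redirect_target(req)}")
```

The last case is not redirected because the conditions take X-Forwarded-Proto as received, so the outcome is only meaningful when a front-end proxy sets or strips that header.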

