On Mon, 07 Dec 2015 14:48:52 +0000, Kapps wrote: > On Monday, 7 December 2015 at 14:38:39 UTC, Steven Schveighoffer wrote: >> I'm surprised it wouldn't. I wouldn't think a redirect would need to be >> encrypted. >> >> -Steve > > It does. Otherwise you could bypass HTTPS entirely by replacing the > redirect page with a non-encrypted copy of the dlang website with > whatever modifications you like.
Well, only if you're trying to protect against MITM attacks. If you're only worried about people packet sniffing, you can redirect from an unencrypted page without a care. In a situation like this, where approximately no sensitive information is going back and forth, MITM isn't much of a concern (and packet sniffing isn't, either, for the most part, except if you're logging in with a password you reuse elsewhere).