On Fri, 2014-09-12 at 09:39 +0000, Matthias Wimmer wrote: > Especially it does not indicate, that every resource available on a > given HTTP URI is also available on the corresponding HTTPS URI. > > E.g. a shop may use a TLSA record for the X.509 certificate of its > secure webserver, but may only use https addresses for the payment > processing. It may not allow browsing the web shop using https.
The automatic whitelisting on https > http redirects should fix that. -- bye, pabs http://bonedaddy.net/pabs3/
signature.asc
Description: This is a digitally signed message part
_______________________________________________ HTTPS-Everywhere mailing list [email protected] https://lists.eff.org/mailman/listinfo/https-everywhere
