[email protected] writes:
> so bad:
> $ curl -I https://store.pfsense.org/SG-2220
> HTTP/1.1 200 OK
> Content-Length: 162
> Server: Microsoft-IIS/8.0
> Refresh: 0;URL=http://store.pfsense.org/SG-2220
I think this is exactly what you were getting at, but for other
readers' benefit, note that if they used an HTTP 301 redirect instead
of 200 OK, HTTPS Everywhere would detect the loop! Only "Refresh"
and Javascript-based redirection cause loops that we can't detect.
("Refresh: 0" is not a good practice for telling a browser that it went
to the wrong URL or wrong version of a resource.)
--
Seth Schoen <[email protected]>
Senior Staff Technologist https://www.eff.org/
Electronic Frontier Foundation https://www.eff.org/join
815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x107
_______________________________________________
HTTPS-Everywhere mailing list
[email protected]
https://lists.eff.org/mailman/listinfo/https-everywhere
