Mike Percy has posted comments on this change. ( http://gerrit.cloudera.org:8080/11162 )
Change subject: [site] Add http to https redirect ...................................................................... Patch Set 1: Code-Review-1 I know I was the one that suggested this approach, however after doing more research I think it's the wrong way to do it. There is a good article by Google about how to enable HTTPS @ https://developers.google.com/web/fundamentals/security/encrypt-in-transit/enable-https In the section of that article titled "Turn on Strict Transport Security and secure cookies" they recommend using HSTS <https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security> instead of a 301 redirect, and in the section "Redirect HTTP to HTTPS" they recommend using <link rel="canonical" href="https://...";> tags in the page header to gently redirect search engines to using https. Sending a hard 301 redirect from http seems undesirable because it locks out clients that can't speak https, whereas the above approaches are both backward-and forward-compatible. -- To view, visit http://gerrit.cloudera.org:8080/11162 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: kudu Gerrit-Branch: gh-pages Gerrit-MessageType: comment Gerrit-Change-Id: Ic5a060a419466ec4b16840347d387262ca8a4199 Gerrit-Change-Number: 11162 Gerrit-PatchSet: 1 Gerrit-Owner: Attila Bukor <[email protected]> Gerrit-Reviewer: Attila Bukor <[email protected]> Gerrit-Reviewer: Dan Burkert <[email protected]> Gerrit-Reviewer: Mike Percy <[email protected]> Gerrit-Reviewer: Todd Lipcon <[email protected]> Gerrit-Comment-Date: Sun, 12 Aug 2018 16:47:18 +0000 Gerrit-HasComments: No
