77
Chromium Blog: Towards HTTPS by default
(blog.chromium.org)
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 16 Aug 2023
77 points (93.3% liked)
Technology
59259 readers
1375 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
I agree. That would be absurd.
However, I don't like not having the option of using HTTP if I want to use it. It's okay if the webserver redirects me, but I don't like if my browser does it when I didn't tell it to. I might want this when doing development, port tunneling, VPN stuff, etc. In most cases, it won't matter, but when it does, it will be a pain in the ass.
Imagine you want to test your redirect from 80 to 443 when setting up your webserver.
While I think for the normal user this enhances security by defaulting to HTTPS, however this makes no sense for a browser. This should be enforced server side, the browser is for browsing, i.e. viewing. Not controlling and competing with the server software for competency.
Chromium is really leaning into bad code practice with the disregard for "separation of concerns".
If it's enforced server-side, then there's still an initial connection that is unsecured and can potentially be intercepted/modified before it gets to the redirect from 80 to 443.