top | item 46438866

(no title)

Arbortheus | 2 months ago

It would be nice. Our security team started complaining that we serve a 301 redirect on port 80 for our website (just like 99.9% of websites do... sigh) and wanted port 80 shut down.

To appease them, I switched the redirect off in dev/staging, and soon enough even devs are having trouble accessing the site because they type 'website.com' and that can't resolve, only 'https://website.com' can.

(And before you say it, yes we use HSTS, but I presume there were some scenarios where that wasn't already cached/hit).

discuss

No comments yet.