[Haskell-cafe] Redirecting hackage.haskell.org to HTTPS

Bob Ippolito bob at redivi.com
Sun Nov 15 16:18:24 UTC 2020


In addition to the redirect, and for the same reasons, enabling HSTS [1]
and submitting it to the HSTS preload list for browsers [2] may also make
sense. I don't think it should have any effect on agents that are visiting
the HTTP version of the site unless the agent somehow simultaneously
supports HSTS, has the preload list or has previously visited the site on
HTTPS, and can't cope with a client-side URL rewrite from HTTP to HTTPS.

[1] https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
[2] https://hstspreload.org/

-bob

On Sat, Nov 14, 2020 at 9:43 PM Tikhon Jelvis <tikhon at jelv.is> wrote:

> Pages on hackage.haskell.org are currently served over both HTTP and
> HTTPS. Package security on Hackage does not depend on HTTPS, so we keep
> HTTP endpoints for backwards compatibility with automated systems that
> depend on Hackage and do not support HTTPS.
>
> However, this means that it's possible for users to inadvertently browse
> Hackage pages on HTTP, which is not a great user experience. To address this
> issue without breaking existing scripts, we are planning to redirect
> requests to HTTPS based on User-Agent headers: requests with "Mozilla/5.0"
> in their User-Agent string will be redirected to HTTPS and other requests
> will remain unchanged.
>
> Please contact us at committee at haskell.org if this change will cause
> problems with how you use Hackage. Otherwise, the new behavior will go into
> effect on 2020-11-23.
>
> Thanks!
> -Tikhon Jelvis, on behalf of the Haskell.org Committee
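
The policy discussed in this thread (redirect only requests whose User-Agent contains "Mozilla/5.0", and send HSTS on the HTTPS side) can be sketched as follows. This is an added example, not code from the thread or from Hackage's server: the function names, the sample header value and the sample User-Agent strings are assumptions, and the preload checks cover only the header requirements published at hstspreload.org.

```python
# Added illustration; names and sample values below are assumptions.
BROWSER_MARKER = "Mozilla/5.0"   # substring named in the announcement
PRELOAD_MIN_AGE = 31536000       # one year, the minimum hstspreload.org accepts
HSTS_VALUE = "max-age=31536000; includeSubDomains; preload"  # constructed value


def parse_hsts(value):
    """Parse a Strict-Transport-Security value into {directive: value-or-None}."""
    directives = {}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        if name:
            # Directive names are case-insensitive; values may be quoted.
            directives.setdefault(name.lower(), arg.strip().strip('"') or None)
    return directives


def preload_problems(value):
    """Return the preload-list header requirements that `value` fails."""
    d = parse_hsts(value)
    problems = []
    age = d.get("max-age") or ""
    if not (age.isascii() and age.isdigit()) or int(age) < PRELOAD_MIN_AGE:
        problems.append("max-age must be at least %d" % PRELOAD_MIN_AGE)
    for flag in ("includesubdomains", "preload"):
        if flag not in d:
            problems.append("missing " + flag)
    return problems


def respond(scheme, host, path, user_agent):
    """Return (status, headers) for a request under the announced policy."""
    if scheme == "https":
        # HSTS is only honoured by browsers, and only sent, over HTTPS.
        return 200, {"Strict-Transport-Security": HSTS_VALUE}
    if BROWSER_MARKER in (user_agent or ""):
        return 301, {"Location": "https://%s%s" % (host, path)}
    return 200, {}  # HTTP-only client: served unchanged, no HSTS header
```

A client that never requests the HTTPS site never receives the header, which is why the HTTP-only agents the announcement wants to keep working are unaffected by it.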