Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

Appearance settings
This repository was archived by the owner on Nov 6, 2023. It is now read-only.

Added dragonsmoke.cloud rule#8800

Closed
TheOpenSourceNinja wants to merge 1 commit into
EFForg:masterEFForg/https-everywhere:masterfrom
TheOpenSourceNinja:masterTheOpenSourceNinja/https-everywhere:masterCopy head branch name to clipboard
Closed

Added dragonsmoke.cloud rule#8800
TheOpenSourceNinja wants to merge 1 commit into
EFForg:masterEFForg/https-everywhere:masterfrom
TheOpenSourceNinja:masterTheOpenSourceNinja/https-everywhere:masterCopy head branch name to clipboard

Conversation

@TheOpenSourceNinja

Copy link
Copy Markdown

I've recently set up the web site dragonsmoke.cloud with HTTPS, so I thought I'd submit a rule for HTTPS Everywhere.

<target host="dragonsmoke.cloud" />
<target host="www.dragonsmoke.cloud" />

<rule from="^http://(www\.)?dragonsmoke\.cloud/" to="https://www.dragonsmoke.cloud/" />

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why are you forcing to redirect to the www subdomain? HTTP is working on both and the redirect works on the servers side.

Copy link
Copy Markdown
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The server redirects you to www no matter what, so there's no reason we should redirect to the non-www version. Might as well just skip straight to www.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@J0WI

J0WI commented Mar 16, 2017

Copy link
Copy Markdown
Contributor

You should have a look on https://hstspreload.org/ which makes a rule in HTTPS Everywhere obsolete.

@TheOpenSourceNinja

Copy link
Copy Markdown
Author

Already submitted to hstspreload.org :)
I don't think it entirely obsoletes HTTPS Everywhere rules though. HTTPS Everywhere can run on current & outdated browser versions, whereas the HSTS preload list with my site added will presumably only be pushed to future browser versions.
Since I set up dragonsmoke.cloud primarily as an exercise in making my web server as secure as possible, I'm trying to eliminate (as far as possible) the "insecure first connection" problem by adding to both HTTPS Everywhere and hstspreload.org.

@jeremyn

jeremyn commented Dec 5, 2017

Copy link
Copy Markdown
Contributor

@TheOpenSourceNinja Are you still interested in working on this?

@jeremyn

jeremyn commented Dec 20, 2017

Copy link
Copy Markdown
Contributor

I'm closing this pull request due to lack of response from @TheOpenSourceNinja . Also, both https://dragonsmoke.cloud and https://www.dragonsmoke.cloud fail HTTPS, so there is no ruleset to make here anyway.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants

Morty Proxy This is a proxified and sanitized view of the page, visit original site.