SSL redirects

Don't.

If the web server receives a plain HTTP request on port 80, then fucking well honour it.

It is not a mistake. It is a deliberate request to be served the resource over an ordinary non-encrypted TCP connection. Because there is no fucking point encrypting it.

So fucking make your fucking server respond as requested. DO NOT make it issue a 30x redirection to the HTTPS version of the fucking URL. If it's going to give a 200 on the HTTPS version then it can fucking well give the same 200 on the plain HTTP version without any stupid bloody pointless redirection, which is what I fucking asked for, so fucking well do it.

Screenshot of client-side redirection code
Do not do this you stupid bastards

Especially do not do something as flaming bloody stupid as sticking stupid fucking little booby traps in the page source to try and make it reload the page over HTTPS if it has been sent over HTTP. For fuck's sake. Using HTTPS is fucking stupid to begin with but surely it's really obviously stupid to fuck around sending something encrypted when you've just sent the exact same fucking thing in plaintext to the same destination a few milliseconds before. What the fuck do you think it hides?




Back to Webshite


Back to Pigeon's Nest


Be kind to pigeons




Valid HTML 4.01!