Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

An unsecure http GET could be modified and redirect the interested person to a fake site, even if the original target would do nothing but redirect to its https-variant.

It does make sense.



I'm convinced the people commenting on this article are just contrarians.

"How could you possibly have standards" isn't a very interesting conversation yet here we are having it at scale.


>An unsecure http GET could be modified and redirect the interested person to a fake site

You don't have a threat model, do you?


"Beware of the leopard"




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: