On Sun, Jul 20, 2014 at 01:52:20PM +0200, Peter Palfrader wrote: > On Sun, 20 Jul 2014, Wouter Verhelst wrote: > > These are all good arguments for enabling HTTPS and making it the > > default (which I've said repeatedly is a move that I support, or at the > > very least don't oppose), but not for *disabling* the possibility of > > plain HTTP. > > Pray tell: How do you make it default.
See: http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security It sends a header to tell you you should be using HTTPS. I am happy however to just use a seperate VHOST for non-HTTPS access. Iain. -- e: i...@fsfe.org w: iain.learmonth.me x: i...@jabber.fsfe.org t: +447875886930 c: MM6MVQ g: IO87we p: 1F72 607C 5FF2 CCD5 3F01 600D 56FF 9EA4 E984 6C49
pgpWSnHA5Gj2c.pgp
Description: PGP signature
