undefined | Better HN

0 pointsgbear6057y ago0 comments

iOS Safari (and other iOS browsers) auto redirects to http://ycombinator.dev/

0 comments

Can you confirm that it's not rewriting the URL to https://yc.dev first before issuing a request to the network? It's possible that Safari has suffered some kind of regression. This definitely used to work at some point.

I can confirm here in Chrome and Firefox that the URL is rewritten internally to https://yc.dev (which then redirects to https://ycombinator.dev), so no unencrypted traffic is ever sent over the network.

gbear605OP7y ago

Unfortunately I’m not in a situation where I can test that. It’s very possible that that’s the case, but it then leaves the question of why the non-https ycombinator.dev is what we eventually end up on.

CydeWeys7y ago

Separate from HSTS, they should also be redirecting http to https. Hopefully they'll get around to that soon. The domain is still recent so they're probably not finished with configuration.

TonnyGaric7y ago

Strange. I wouldn't expect that, because according to https://caniuse.com/#feat=stricttransportsecurity, the latest versions of Chrome and Safari for iOS do support Strict Transport Security.

gbear605OP7y ago

I’m on iOS 12.2, which that site says supports Strict Transport Security.

j / k navigate · click thread line to collapse

0 comments

CydeWeys7y ago

gbear605OP7y ago

CydeWeys7y ago

Separate from HSTS, they should also be redirecting http to https. Hopefully they'll get around to that soon. The domain is still recent so they're probably not finished with configuration.

TonnyGaric7y ago

Strange. I wouldn't expect that, because according to https://caniuse.com/#feat=stricttransportsecurity, the latest versions of Chrome and Safari for iOS do support Strict Transport Security.

gbear605OP7y ago

I’m on iOS 12.2, which that site says supports Strict Transport Security.

j / k navigate · click thread line to collapse