undefined | Better HN

0 pointsest5y ago0 comments

> then wouldn't the intranet page be served over HTTP too and not make this an issue?

The page itself is served in both HTTP and HTTPS, can be visited in and outside the LAN.

The <img> and <video> content fail in HTTPS without explanation in Chrome v81+

0 comments

Dylan168075y ago

> The page itself is served in both HTTP and HTTPS, can be visited in and outside the LAN.

So why can't you use one of these options:

1. Redirect all users to HTTPS, since you apparently already have a globally valid certificate.

2. Rewrite the tags to use HTTPS only when the page is loaded over HTTPS.

3. Set upgrade-insecure-requests only when the page is loaded over HTTPS.

estOP5y ago

Because the <img> <video> content is served on a LAN machine with custom TLD. HTTPS don't work with that.

However I can use reverse of your methods to redirect every HTTPS to HTTP.

Dylan168075y ago

When you say "the page itself" can be visited outside the LAN, does that include the images and videos? If it doesn't, what's the use case?

Inside the LAN, when you visit the page over HTTPS the URL bar has a globally valid domain, right? So why do you even want the LAN machine to have a custom TLD, if that's going to be invisible to the user?

1 more reply

j / k navigate · click thread line to collapse

0 pointsest5y ago0 comments

> then wouldn't the intranet page be served over HTTP too and not make this an issue?

The page itself is served in both HTTP and HTTPS, can be visited in and outside the LAN.

The <img> and <video> content fail in HTTPS without explanation in Chrome v81+

0 comments

Dylan168075y ago

> The page itself is served in both HTTP and HTTPS, can be visited in and outside the LAN.

So why can't you use one of these options:

1. Redirect all users to HTTPS, since you apparently already have a globally valid certificate.

2. Rewrite the tags to use HTTPS only when the page is loaded over HTTPS.

3. Set upgrade-insecure-requests only when the page is loaded over HTTPS.

estOP5y ago

Because the <img> <video> content is served on a LAN machine with custom TLD. HTTPS don't work with that.

However I can use reverse of your methods to redirect every HTTPS to HTTP.

Dylan168075y ago

When you say "the page itself" can be visited outside the LAN, does that include the images and videos? If it doesn't, what's the use case?

1 more reply

j / k navigate · click thread line to collapse