undefined | Better HN

0 pointsakira25011y ago0 comments

So if you occasionally forget and use http when you meant https and are worried about the consequences of that, you should just implement your own HSTS checking layer?

Why not just implement your own fetch wrapper that throws if it's not an https connection?

0 comments

g15jv2dp1y ago

> So if you occasionally forget and use http when you meant https and are worried about the consequences of that, you should just implement your own HSTS checking layer?

Or use a library to do it. The core fetch functionality shouldn't have to deal with HSTS. There may be legitimate reasons to fetch over HTTP even after you received an HSTS header - for testing purposes, for example.

> Why not just implement your own fetch wrapper that throws if it's not an https connection?

That's the developer dealing with HSTS.

j / k navigate · click thread line to collapse