Comments (6)
I don't think it's necessary to get into "why https://?" here in the issue - that's just another copy of the discussion on the internet. sslstrip is one example (of many). But anyone in control of your connection or DNS (e.g. any public WiFi) can send the connection where they want. Or any malicious browser extensions (e.g. Chrome store buyouts), etc. The point is: there are lots of ways. If you're curious, search for http => https hijacking to see many examples.
The basics are: you can't have a secure connection to anything if first hopping through an insecure one. This redirect is no different.
from referencesource.
This isn't an issue because http:/ redirects to https:/ for the urls in question.
from referencesource.
It is an issue, because someone can intercept and change that redirect. The only mitigation for such (short of changing the link) is HSTS preloading. That domain is not on the HSTS preload list nor is it even sending the header.
from referencesource.
The setting for the repo here (home link: https://github.com/Microsoft/referencesource) has the website site as http://referencesource.microsoft.com/ when everything has moved to https:// now. Can we please update this setting to https://referencesource.microsoft.com/?
Which setting are you referring to?
from referencesource.
After @NickCraver explained it to me, I was able to fix this :-)
from referencesource.
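As an added example (not part of the thread or the project's code), here is a check for the condition raised in the comments above: whether a response sends an HSTS header at all, and whether that policy would qualify for the preload list. The function names, labels and sample responses are hypothetical and constructed for illustration; the rules follow RFC 6797 and the hstspreload.org submission requirements.

```python
import re

PRELOAD_MIN_AGE = 31536000  # one year, the minimum max-age hstspreload.org accepts

def parse_hsts(value):
    """Parse a Strict-Transport-Security value into {directive: argument}.
    Returns None when malformed (duplicate directive or missing/bad max-age)."""
    directives = {}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name = name.strip().lower()          # directive names are case-insensitive
        if not name:
            continue                         # tolerate empty segments such as "a;;b"
        if name in directives:
            return None                      # RFC 6797: a directive may appear only once
        directives[name] = arg.strip().strip('"')   # max-age may be a quoted string
    if not re.fullmatch(r"\d+", directives.get("max-age", "")):
        return None
    return directives

def assess(scheme, headers):
    """Classify one response; scheme is 'http' or 'https', headers is a dict."""
    raw = next((v for k, v in headers.items()
                if k.lower() == "strict-transport-security"), None)
    if raw is None:
        return "no-hsts"
    if scheme != "https":
        return "ignored-over-http"           # browsers discard HSTS sent over plain HTTP
    policy = parse_hsts(raw)
    if policy is None:
        return "invalid"
    age = int(policy["max-age"])
    if age == 0:
        return "hsts-disabled"               # max-age=0 tells the browser to forget the host
    if age >= PRELOAD_MIN_AGE and "includesubdomains" in policy and "preload" in policy:
        return "preload-eligible"
    return "hsts-only"

# Constructed sample responses (not captured from any real host).
SAMPLES = [
    ("http", {"Location": "https://site.example/"}),
    ("http", {"Location": "https://site.example/", "Strict-Transport-Security": "max-age=31536000"}),
    ("https", {"Strict-Transport-Security": "max-age=300"}),
    ("https", {"strict-transport-security": 'max-age="63072000"; includeSubDomains; preload'}),
    ("https", {"Strict-Transport-Security": "max-age=0"}),
]

def run_samples():
    return [assess(scheme, headers) for scheme, headers in SAMPLES]

if __name__ == "__main__":
    print(run_samples())
```

A result of `hsts-only` still leaves the first visit over http:// unprotected, which is why the thread asks for the link itself to be changed to https://.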