↑back Search ←Prev date Next date→ Show only urls | (Click on time to select a line by its url) |
Who | What | When |
---|---|---|
mercutio | odd so randomly sometimes it just doesn't work and 404s? | [00:59] |
......... (idle for 43mn) | ||
*** | ziyourenxiang has joined #arpnetworks | [01:42] |
.................................................... (idle for 4h17mn) | ||
mhoran | OK, I think it was some combination of weird cached things and then redirects that weren't working. https://graphs.arpnetworks.com just redirects to arpnetworks.com, and I think the HSTS somewhere was then getting cached.
But if I go to https://graphs.arpnetworks.com/cacti/ it works. (After clearing all my cache and history.) | [05:59] |
....................................... (idle for 3h14mn) | ||
*** | ziyourenxiang has quit IRC (Ping timeout: 246 seconds) | [09:14] |
.......... (idle for 46mn) | ||
brycec | For me, https://graphs.arpnetworks.com does NOT redirect to arpnetworks.com, it redirects to /cacti/. Also, it's not serving an HSTS header.
But if I try http://graphs.arpnetworks.com But if I try http://graphs.arpnetworks.com it DOES redirect to arpnetworks.com. (And no HSTS header in that response, or the response from https://arpnetworks.com) ^ I've had this same issue with portal.arpnetworks.com -- I type "portal.arpnetworks.com" in my browser and end up at https://arpnetworks.com, but if I make sure to type https://portal.arpnetworks.com I end up where I wanted to be. Long story short... (portal|graphs).arpnetworks.com:80 really ought to redirecto the https://&:443 and _not_ https://arpnetworks.com, very jarring user experience | [10:00] |
mhoran | +1
Yeah I just presumed an HSTS header because of how it was behaving and I was confused. | [10:03] |
brycec | I think ARP used to have an HSTS header but with not all the subdomains setup for https, they pulled it because they weren't comfortable. | [10:03] |
............................................ (idle for 3h37mn) | ||
mercutio | i think hsts was only ever on the main web site
lg.arpnetworks.com doesn't have https | [13:40] |
.... (idle for 18mn) | ||
brycec | Right, right. That's my recollection as well. BUT HSTS is typically recomended with "includeSubdomains" (IIRC) flag set so it causes browsers to assume *.arpnetworks.com are HSTS | [13:59] |
....................... (idle for 1h53mn) | ||
mercutio | ah
to my mind what is better is when you get put into google etc with HSTS like prepopulating | [15:52] |
......... (idle for 40mn) | ||
brycec | mercutio: You're referring to https://hstspreload.org/ ?
Of course, the easy way into that is to just have a domain under a TLD that's preloaded. | [16:32] |
mercutio | looks to be
i don't remember it being quite so easy | [16:33] |
brycec | It's been quite that easy for a few years now :P | [16:34] |
mercutio | it needs includesubdomains for that
maybe doing includesubdomains isn't such a bad idea, thoughts, up_the_irons ? | [16:34] |
brycec | mercutio: No there are whole TLDs that are on the list already. Like .dev and .vodka
I think arpnetworks.vodka has a nice ring to it | [16:38] |
mercutio | haha
i didn't know that | [16:38] |
brycec | .google is another well-known (I think) [g]TLD that's on the HSTS list. With or without server headers, every web page served from a *.google domain is automatically HSTS'd, including all subdomains etc | [16:39] |
mercutio | i didn't know there was a .google even
so many new TLD now! tbh i don't pay much attention to domain names anymore i use google to search for what i want generally | [16:39] |
brycec | oof the HSTS list has grown quite a bit since I last looked https://cs.chromium.org/chromium/src/net/http/transport_security_state_static.json
(Correction, .vodka is not on the HSTS list, I misread something) | [16:41] |
mercutio | i prefer gin
that's pretty cool | [16:48] |
*** | ziyourenxiang has joined #arpnetworks | [16:51] |
.......................... (idle for 2h5mn) | ||
ziyourenxiang has quit IRC (Remote host closed the connection) | [18:56] |
↑back Search ←Prev date Next date→ Show only urls | (Click on time to select a line by its url) |