Chromium Blog: Towards HTTPS by default - eviltoast

cross-posted from: https://lemmy.world/post/3301227

Chrome will be experimenting with defaulting to https:// if the site supports it, even when an http:// link is used and will warn about downloads from insecure sources for “high-risk files” (example given is an exe). They’re also planning on enabling it by default for Incognito Mode and “sites that Chrome knows you typically access over HTTPS”.

  • dust_accelerator@discuss.tchncs.de
    link
    fedilink
    English
    arrow-up
    4
    ·
    1 year ago

    Imagine you want to test your redirect from 80 to 443 when setting up your webserver.

    While I think for the normal user this enhances security by defaulting to HTTPS, however this makes no sense for a browser. This should be enforced server side, the browser is for browsing, i.e. viewing. Not controlling and competing with the server software for competency.

    Chromium is really leaning into bad code practice with the disregard for “separation of concerns”.

    • Spotlight7573@lemmy.worldOP
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      If it’s enforced server-side, then there’s still an initial connection that is unsecured and can potentially be intercepted/modified before it gets to the redirect from 80 to 443.