Joinmastodon.org should redirect to https


#1

http://joinmastodon.org/ doesn’t redirect to https. Now that Chrome shows the “Not Secure” warning for every non-https URLs I think it would be a good idea to do it.


#2

It does redirect to me… Tested both with Firefox and Chrome.


#3

Maybe you already visited the website with https and got the Strict-Transport-Security header.

According to https://hstspreload.org/?domain=joinmastodon.org, joinmastodon.org is not currently preloaded, doesn’t have a redirect and the max-age is too low.

curl -I http://joinmastodon.org/
HTTP/1.1 200 OK
Date: Thu, 07 Jun 2018 14:52:40 GMT
Content-Type: text/html
Connection: keep-alive
Set-Cookie: __cfduid=[...]; expires=Fri, 07-Jun-19 14:52:40 GMT; path=/; domain=.joinmastodon.org; HttpOnly
Last-Modified: Wed, 06 Jun 2018 20:11:05 GMT
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 4273f1a184d83fd7-YUL

#4

I think I fixed this.


#5

Yes you did. Thanks :slight_smile:


#6

weblate.joinmastodon.org should also be fixed.

% http http://weblate.joinmastodon.org/                       
HTTP/1.1 301 Moved Permanently
Connection: keep-alive
Content-Length: 194
Content-Type: text/html
Date: Sun, 05 Aug 2018 14:28:56 GMT
Location: https://zeonfederated.com/
Server: nginx/1.10.3 (Ubuntu)

<html>
<head><title>301 Moved Permanently</title></head>
<body bgcolor="white">
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx/1.10.3 (Ubuntu)</center>
</body>
</html>