[HTTPS-Everywhere] Adding or removing of “www.”

Wed Dec 29 03:22:33 PST 2010

On 29/12/2010 06:34, Drake, Brian wrote:

> Rules are often of the form:
> 
> <rule from="^http://(www\.)?domain/" to="https://domain/"/>
> 
> or
> 
> <rule from="^http://(www\.)?domain/" to="https://www.domain/"/>
> 
> Not only do these rules redirect to HTTPS, they potentially change the
> rest of the address too. Presumably that’s because https://www.domain/
> would ultimately redirect to https://domain/ anyway (for the first form)
> or https://domain/ would ultimately redirect to https://www.domain/
> anyway (for the second form).

I assumed that most of the rules do this because the SSL cert is only
valid for "domain" or "www.domain", not both. That's certainly why I've
been writing rulesets of that format.

> In that case, why not change “http” to “https?” in the “from” values to
> save a request to the server when https://domain/ (for the first form)
> or https://www.domain/ (for the second form) is requested? The benefit
> would far outweight the cost, I think.

I don't really understand what you're saying here. In the first examples
you provided if you go to one of:

http://www.domain/
http://domain/

HTTPS-Everywhere redirects you to:

https://domain/

Are you suggesting that if somebody goes to https://www.domain/ it
should also handle redirecting to https://domain/ rather than leaving
the server to do it? I'm not sure if the code even looks at https
requests? I can't see a reason why it would need to.

-- 
Mike Cardwell https://secure.grepular.com/   https://twitter.com/mickeyc
Professional  http://cardwellit.com/ http://linkedin.com/in/mikecardwell
PGP.mit.edu   0018461F/35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: OpenPGP digital signature
URL: <http://lists.eff.org/pipermail/https-everywhere/attachments/20101229/5c758fcf/attachment.sig>