Comments (18)
Thanks! One thing that's not quite clear to me: is it possible that enabling that now would cause issues if we later moved to a custom domain? I've been considering getting something like <redacted>
for it.
from python3statement.github.io.
@takluyver delete your comment. Do not mention an unregisted domain name on github. It will be automatically stolen
from python3statement.github.io.
@takluyver delete your comment. Do not mention an unregisted domain name on github. It will be automatically stolen
Redacted just in case. Yes, for now we can't enforce https if we want a custom domain at some point.
from python3statement.github.io.
Yes, for now we can't enforce https if we want a custom domain at some point.
This isn't true. Github only forces https for the .github.io domain. It's fine with CNAMEs.
from python3statement.github.io.
also you can just use cloudfront for HTTPS like I do with https://graingert.github.io
from python3statement.github.io.
From github help:
HTTPS is not supported for GitHub Pages using custom domains.
Even if it can work.
While we know we can setup cloudflare, cloudfront or anything else, it is extra work, extra-credential, and extra instruction that need to be maintained.
So for now I don't think it's worth it,
from python3statement.github.io.
Thanks for the warnings. I wasn't too attached to the particular name, so if someone steals it, we'll find another one.
Are there bots that trawl Github and register domains? If so, hey bots! I'm totally about to register domainregisteringbotssuck.org and helpimstuckinadomainfarm.co. Wouldn't want anyone to snap those up before I get round to it!
from python3statement.github.io.
From github help:
HTTPS is not supported for GitHub Pages using custom domains.
That just means GitHub will not redirect to https for CNAMEs. All the check box does is redirect http://python3statement.github.io to https://python3statement.github.io
from python3statement.github.io.
There will be no problems migrating to a custom domain
from python3statement.github.io.
My thinking is that it might also set HSTS to enforce that a browser that has visited the site will always go to the https URL. And maybe there's a restriction on an HSTS site redirecting to a plain http site. It's all pretty speculative, but I also don't think it's hugely important to use https on this site - we're not asking for any information or offering any downloads - so there's no rush to flip the switch.
from python3statement.github.io.
@takluyver if it does set HSTS that will only effect http://python3satement.github.io
from python3statement.github.io.
@takluyver what I'm trying to say is there's no harm in flipping the switch, there are only benefits
from python3statement.github.io.
Right, I understand that you're saying that, I'm just trying to ascertain if I actually believe it ;-).
Specifically, is a domain using HSTS allowed to redirect to a plain HTTP one? I don't have any particular reason to think it can't, but I also don't currently have clear evidence that it can, and it's a restriction that wouldn't entirely surprise me if it were true.
from python3statement.github.io.
is a domain using HSTS allowed to redirect to a plain HTTP one
Yes, otherwise that would break the web.
from python3statement.github.io.
@takluyver here's a demo https://graingert.co.uk/go-to-python3statement
from python3statement.github.io.
curl -i https://graingert.co.uk/go-to-python3statement
HTTP/1.1 302 Moved Temporarily
Date: Thu, 14 Jul 2016 17:10:53 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=redacted; expires=Fri, 14-Jul-17 17:10:53 GMT; path=/; domain=.graingert.co.uk; HttpOnly
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Location: http://python3statement.github.io/
Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Server: cloudflare-nginx
CF-RAY: redacted
from python3statement.github.io.
OK, thanks. It's not obvious to me that it would break the web if HSTS->http redirects failed, but the demo is compelling. :-)
from python3statement.github.io.
Done!
from python3statement.github.io.
Related Issues (20)
- Add multiconf HOT 1
- Add jenkinsflow HOT 2
- Squash logo images HOT 1
- "If someone wants to continue to support 2.7..." HOT 2
- Add Marrow projects. HOT 3
- Add plyara HOT 8
- Python 2 EOL Bof At SciPy HOT 10
- Add Bokeh logo
- add requests project HOT 2
- the web by django ? HOT 6
- Conserve bandwidth? HOT 15
- Squash single selected image
- Timeline chart not displayed HOT 3
- Add Bandit HOT 1
- Add project ‘python-daemon’ HOT 2
- Add SecureDrop HOT 2
- Consider removing packages that still support Python 2 in Feb 2020 HOT 10
- Add lib3to6 HOT 8
- @takluyver that's correct, IAB is an interactive bioinformatics text that uses Python 3 but the code there is for educational purposes only and not intended for import (we usually refer readers to scikit-bio for that). HOT 1
- A "Thank You" sign-off and archive? HOT 20
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from python3statement.github.io.