Event JSON
{
"id": "a3a2f4b556e0406b3a9a0183f32555ee7db0e5fd67ef70d780afac6e6badd577",
"pubkey": "7ea2399dc56d70c7a7d3ba329247dd2761955a28a4ab2ec59074596c6b5d84fe",
"created_at": 1717381131,
"kind": 1,
"tags": [
[
"p",
"d2358d9221ff4f306a1d0db7aa3dcd9ea02994e7e1fc411a1a5485afc8947c24"
],
[
"p",
"7ea2399dc56d70c7a7d3ba329247dd2761955a28a4ab2ec59074596c6b5d84fe"
],
[
"t",
"osspodcast"
],
[
"proxy",
"https://infosec.exchange/@kurtseifried/112550289812075115",
"web"
],
[
"proxy",
"https://infosec.exchange/users/kurtseifried/statuses/112550289812075115",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://infosec.exchange/users/kurtseifried/statuses/112550289812075115",
"pink.momostr"
]
],
"content": "Should you redirect HTTP to HTTPS for a website? What about for APIs? nostr:npub16g6cmy3pla8nq6sapkm650wdn6szn988u87yzxs62jz6ljy50sjq5xs9jn and nostr:npub1063rn8w9d4cv0f7nhgefy37ayase2k3g5j4ja3vsw3vkc66asnlqazeaeu thought this was a reasonably simple question and... well... as usual it turns out to be quite complicated and nuanced. Find out on the #osspodcast at http://opensourcesecurity.io/2024/06/02/episode-431-redirecting-http-to-https/ TL;DR: we should really make HTTPS the default, not HTTP for new stuff. I'm also still not sure how I feel about the cult of backwards compatibility (especially in light of the RJ tab toots).",
"sig": "45029395402fffcf64aafbe7e5c873b2b4f7ec6a9199517cdd66fea94582b4c69286ce085d7c7e8e8913f61294c9f5ddedf4c89710773c5df50b7a42b5aef05d"
}
