Open ryan-jacobs opened 2 years ago
We currently redirect http requests to https via apache rewrite rules. This works but has some shortcomings, including:
See: https://help.upguard.com/en/articles/4581202-what-s-the-difference-between-using-hsts-and-doing-a-301-redirect
Even with HSTS we cannot guarantee all request come in via https all the time, but it is a good start. This is especially important given all the existing incoming links out there for our catalog.
We currently redirect http requests to https via apache rewrite rules. This works but has some shortcomings, including:
See: https://help.upguard.com/en/articles/4581202-what-s-the-difference-between-using-hsts-and-doing-a-301-redirect
Even with HSTS we cannot guarantee all request come in via https all the time, but it is a good start. This is especially important given all the existing incoming links out there for our catalog.