search

Cosmetica-cc / Cosmetica

Custom public cosmetics, Free for everyone. Forever. Ongoing Development is happening at Cosmetica-2, still WIP
https://cosmetica.cc
Apache License 2.0
54 stars 11 forks source link

Cosmetica API doesn't redirect to HTTPS #61

Closed Madis0 closed 1 year ago

Madis0 commented 1 year ago

Describe the bug http://api.cosmetica.cc doesn't redirect to https://api.cosmetica.cc. My ISP and others in the same network don't need to know what usernames I ping.

To Reproduce

  1. Go to http://api.cosmetica.cc
  2. Wait

Expected behavior 301 redirect to https://api.cosmetica.cc

Screenshots N/A

Setup (please complete the following information): A modern browser

Additional context Considering you use a Cloudflare cert, I don't even think it faces any issues with expired root certificates (unlike Let's Encrypt) on older Minecraft. So... what's the excuse? 😛

eyezahhhh commented 1 year ago

We're not the only ones who use our API. We're designing it to be usable by anyone else, and we don't need to force them to use HTTPS. That's their choice.

(Also we require it to be http for Arcmetica to work, too)