Closed caleb531 closed 5 years ago
Thanks for these suggestions, @caleb531. :bow:
Add 301 redirects from HTTP blog to HTTPS version
These redirects are now in place. 😅
Update atom.io navigation to point to HTTPS version of blog
We've got a pull request open to make this change. We hope to roll it out :soon:.
Add
Strict-Transport-Security
header, since https://atom.io/ already has that, too
blog.atom.io is a GitHub Pages site, and GitHub Pages doesn't yet provide a way to set this response header. (atom.io is a Rails app, so we're able to control which response headers get set for atom.io.)
Update atom.io navigation to point to HTTPS version of blog
All atom.io links to the blog should now be pointing to HTTPS. If you notice any lingering HTTP links to blog.atom.io, please let us know. :bow:
blog.atom.io is a GitHub Pages site, and GitHub Pages doesn't yet provide a way to set this response header.
FYI, I can set this header. However, even better would be HSTS preloading for atom.io :-D https://hstspreload.org/?domain=atom.io
Hi,
I noticed that the entire Atom Blog is still served only over HTTP. There is an HTTPS version of the blog, but no links elsewhere are pointing to it, and the HTTP blog doesn't redirect to the HTTPS blog. Since HTTPS is the way of the future, I highly recommend serving the blog only over HTTPS. Obviously, this would mean:
Strict-Transport-Security
header, since https://atom.io/ already has that, tooThanks for such an awesome editor, Caleb