atom / atom.io

🌐 A place for feedback on the atom.io website and package API

Atom Blog still served over HTTP (rather than HTTPS) #126

Closed caleb531 closed 5 years ago

caleb531 commented 7 years ago

Hi,

I noticed that the entire Atom Blog is still served only over HTTP. There is an HTTPS version of the blog, but no links elsewhere are pointing to it, and the HTTP blog doesn't redirect to the HTTPS blog. Since HTTPS is the way of the future, I highly recommend serving the blog only over HTTPS. Obviously, this would mean:

Thanks for such an awesome editor, Caleb

jasonrudolph commented 5 years ago

Thanks for these suggestions, @caleb531. :bow:

> Add 301 redirects from HTTP blog to HTTPS version

These redirects are now in place. 😅

> Update atom.io navigation to point to HTTPS version of blog

We've got a pull request open to make this change. We hope to roll it out :soon:.

> Add Strict-Transport-Security header, since https://atom.io/ already has that, too

blog.atom.io is a GitHub Pages site, and GitHub Pages doesn't yet provide a way to set this response header. (atom.io is a Rails app, so we're able to control which response headers get set for atom.io.)

jasonrudolph commented 5 years ago

> Update atom.io navigation to point to HTTPS version of blog

All atom.io links to the blog should now be pointing to HTTPS. If you notice any lingering HTTP links to blog.atom.io, please let us know. :bow:

lgarron commented 5 years ago

> blog.atom.io is a GitHub Pages site, and GitHub Pages doesn't yet provide a way to set this response header.

FYI, I can set this header. However, even better would be HSTS preloading for atom.io :-D https://hstspreload.org/?domain=atom.io
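
The checks discussed in this thread (a permanent redirect from HTTP to HTTPS, the Strict-Transport-Security header, and the hstspreload.org header requirements) can be run over a pair of responses, as in this added example, which is not part of the original thread or any Atom code. The names `parse_hsts` and `audit`, the `example.test` hosts and the sample responses are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

PRELOAD_MIN_AGE = 31536000  # one year, the minimum max-age hstspreload.org accepts

def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797) into a dict."""
    directives = {}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name = name.strip().lower()          # directive names are case-insensitive
        if not name:
            continue                         # tolerate empty segments ("a;;b")
        if name in directives:
            raise ValueError("duplicate directive: " + name)
        directives[name] = arg.strip().strip('"')   # values may be quoted
    if not re.fullmatch(r"[0-9]+", directives.get("max-age", "")):
        raise ValueError("max-age is required and must be an integer")
    directives["max-age"] = int(directives["max-age"])
    return directives

def audit(http_resp, https_resp, host):
    """Return findings for one host; an empty list means every check passed.
    Each response is a (status, headers) pair with lower-cased header names."""
    findings = []
    status, headers = http_resp
    target = urlsplit(headers.get("location", ""))
    if status not in (301, 308) or target.scheme != "https" or target.hostname != host:
        findings.append("HTTP does not permanently redirect to HTTPS on the same host")
    hsts = https_resp[1].get("strict-transport-security")
    if hsts is None:
        return findings + ["no Strict-Transport-Security header over HTTPS"]
    try:
        d = parse_hsts(hsts)
    except ValueError as err:
        return findings + [f"invalid HSTS header: {err}"]
    if d["max-age"] < PRELOAD_MIN_AGE:
        findings.append("max-age below one year")
    for flag in ("includesubdomains", "preload"):
        if flag not in d:
            findings.append(f"missing {flag} directive (needed for preloading)")
    return findings

# Constructed sample responses, not captured from any real site:
# a blog host that redirects but sends no HSTS, and a main host ready for preloading.
BLOG = ((301, {"location": "https://blog.example.test/"}), (200, {}))
MAIN = ((301, {"location": "https://example.test/"}),
        (200, {"strict-transport-security": "max-age=31536000; includeSubDomains; preload"}))
```

To audit a live host, fill the two `(status, headers)` pairs from real responses fetched with redirect following disabled.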