benbalter / site-inspector

Ruby Gem to sniff information about a domain's technology and capabilities.
https://site-inspector.herokuapp.com
MIT License
89 stars 29 forks

302 Redirects Not Handled #83

Open dmdude opened 8 years ago

dmdude commented 8 years ago

It appears that 302 redirects are not being handled. For example, stutzman.house.gov downgrades SSL but the tool does not flag this.

konklone commented 8 years ago

@dmdude Is this also true of site-inspector version 1.0.2? (The code path, command, and output format are all different.)

dmdude commented 8 years ago

@konklone I don't know of a good way of testing that. I'm not really a Ruby programmer and am not comfortable with setting up a test environment. Let me know if there is another way to test.

benbalter commented 8 years ago

It should detect 302s. Based on our own internal logic, a site is only downgraded from HTTPS to HTTP when HTTPS is supported, but the canonical endpoint downgrades to HTTP.

dmdude commented 8 years ago

Well, if you do a curl -v -k "https://stutzman.house.gov" you can see the site accepts SSL and has a valid cert as reported by https://www.digicert.com/help/, so it appears to me that HTTPS is supported. The curl command also shows the redirect from https to http.

I did a search through the code for "302" and found nothing, while a search for "301" finds many items. I'm not a Ruby person and the code was not obvious to me about how to change it, nor am I totally certain about the redirect test.

If my understanding on this is wrong, please let me know where.
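
The downgrade check discussed in this thread, as an added example that is not part of the issue and not site-inspector's own code: it follows every redirect status alike (so a 302 counts the same as a 301) and reports whether an HTTPS start URL lands on plain HTTP. The function names, the response table and the example.gov hosts are constructed for illustration.

```ruby
require 'uri'

# Added example, not site-inspector's code. Every status that carries a
# Location header is followed, so a 302 is handled exactly like a 301.
REDIRECT_STATUSES = [301, 302, 303, 307, 308].freeze

# responses: constructed stand-in for the network, mapping a URL to
# { status:, location: }. A real checker would issue the requests here.
def follow_redirects(start_url, responses, max_hops: 5)
  chain = [URI(start_url)]
  max_hops.times do # bounded, so a redirect loop cannot hang the check
    resp = responses[chain.last.to_s]
    break unless resp && REDIRECT_STATUSES.include?(resp[:status]) && resp[:location]
    # Location may be relative; resolve it against the current URL.
    chain << URI.join(chain.last.to_s, resp[:location])
  end
  chain
end

# True when an https:// start URL ends on plain http:// after redirects.
def downgrades_https?(start_url, responses)
  chain = follow_redirects(start_url, responses)
  chain.first.scheme == 'https' && chain.last.scheme == 'http'
end

# Constructed sample data (hypothetical hosts).
SAMPLE = {
  'https://a.example.gov/'     => { status: 302, location: 'http://a.example.gov/' },
  'http://a.example.gov/'      => { status: 200 },
  'https://b.example.gov/'     => { status: 301, location: '/home' },
  'https://b.example.gov/home' => { status: 200 },
  'https://c.example.gov/'     => { status: 307, location: 'https://www.c.example.gov/' },
  'https://www.c.example.gov/' => { status: 302, location: 'http://www.c.example.gov/' },
  'http://www.c.example.gov/'  => { status: 200 }
}.freeze

SAMPLE.keys.grep(/\Ahttps:/).each do |url|
  puts "#{url} downgrades: #{downgrades_https?(url, SAMPLE)}"
end
```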