republique-et-canton-de-geneve / chvote-1-0

The Geneva electronic vote system, version 1.
https://republique-et-canton-de-geneve.github.io/chvote-1-0
GNU Affero General Public License v3.0

Broken http => https redirect handling #31

Closed alokmenghrajani closed 5 years ago

alokmenghrajani commented 5 years ago

Sorry if I'm reporting this issue in the incorrect place. Hopefully you can help me route it.

http://www.evote-ch.ch/vd incorrectly redirects to https://doc.evote-ch.chvd (note the lack of slash between ch and vd).

If an attacker is able to purchase the chvd top level domain (very unlikely), they could theoretically compromise the election process.

$ curl -v 'http://www.evote-ch.ch/vd'
*   Trying 160.53.75.136...
* TCP_NODELAY set
* Connected to www.evote-ch.ch (160.53.75.136) port 80 (#0)
> GET /vd HTTP/1.1
> Host: www.evote-ch.ch
> User-Agent: curl/7.54.0
> Accept: */*
> 
< HTTP/1.1 301 Moved Permanently
< Date: Mon, 28 Jan 2019 07:21:27 GMT
< Location: https://doc.evote-ch.chvd
< Content-Length: 233
< Content-Type: text/html; charset=iso-8859-1
< Set-Cookie: TS01e3dc2d=0175768efa8072e65a48d44dfa6c49612c22053b2e1ee970b4397f6c52294d0bf01bf66d65e1a81ae78af0e5c9a493202ec2f7d145; Path=/
< 
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://doc.evote-ch.chvd">here</a>.</p>
</body></html>
* Connection #0 to host www.evote-ch.ch left intact
$

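The defect in the transcript above is a redirect whose target host is the expected hostname with the request path glued onto it, so the browser is sent to a different domain. The script below is an added example (not code from the chvote project or from the reporter) showing how an operator could audit such redirects: it parses a raw HTTP response head, extracts the Location header, and flags a target that is not on an assumed allowlist of hosts or that shows the missing-slash concatenation. The allowlist and the constructed sample response (taken from the status line and headers in the report) are assumptions for the example.

```python
from urllib.parse import urlsplit

# Constructed sample: the status line and headers from the curl transcript in
# the report, with the body omitted (only the head matters for the audit).
SAMPLE_RESPONSE = (
    "HTTP/1.1 301 Moved Permanently\r\n"
    "Date: Mon, 28 Jan 2019 07:21:27 GMT\r\n"
    "Location: https://doc.evote-ch.chvd\r\n"
    "Content-Length: 233\r\n"
    "Content-Type: text/html; charset=iso-8859-1\r\n"
    "\r\n"
)

# Assumed allowlist of hosts a redirect from the service may land on; the
# real list would be maintained by the operator of the service.
ALLOWED_HOSTS = frozenset({"www.evote-ch.ch", "doc.evote-ch.ch"})

REDIRECT_STATUSES = (301, 302, 303, 307, 308)


def parse_response_head(raw):
    """Split a raw HTTP response head into (status_code, headers).

    Header names are lower-cased so lookups are case-insensitive.
    """
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    status_code = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status_code, headers


def check_redirect(request_path, location, allowed_hosts=ALLOWED_HOSTS):
    """Return a list of findings for a redirect of request_path to location."""
    findings = []
    parts = urlsplit(location)
    host = (parts.hostname or "").lower()
    if parts.scheme != "https":
        findings.append(f"redirect is not https: {parts.scheme!r}")
    if host not in allowed_hosts:
        findings.append(f"redirect host {host!r} is not an expected host")
    # The missing-slash symptom: an expected host immediately followed by the
    # request path (without its leading slash) inside the hostname itself.
    glued = request_path.lstrip("/")
    for expected in allowed_hosts:
        if glued and host == expected + glued:
            findings.append(
                f"request path {request_path!r} was appended to host "
                f"{expected!r} without a '/'"
            )
    return findings


def audit(raw_response, request_path, allowed_hosts=ALLOWED_HOSTS):
    """Audit one raw response to request_path; non-redirects yield no findings."""
    status, headers = parse_response_head(raw_response)
    if status not in REDIRECT_STATUSES:
        return []
    location = headers.get("location")
    if location is None:
        return ["redirect status without a Location header"]
    return check_redirect(request_path, location, allowed_hosts)


if __name__ == "__main__":
    for finding in audit(SAMPLE_RESPONSE, "/vd"):
        print("FINDING:", finding)
```

Run against the sample, the audit reports both that `doc.evote-ch.chvd` is not an expected host and that `/vd` was appended to `doc.evote-ch.ch` without a separating slash; the corrected target `https://doc.evote-ch.ch/vd` produces no findings. Feeding it the head of a live response (for example, what `curl -i` prints for each path under the site) turns it into a simple regression check for redirect rules.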
chvote-etat-de-geneve commented 5 years ago

Hi, thank you very much for your valuable input! We are working right now on finding the right fix and planning its deployment without risking any disruption of the service.

Kind regards

chvote-etat-de-geneve commented 5 years ago

Hi, the broken redirection has been fixed.