Skip to content
This repository has been archived by the owner on Jun 20, 2020. It is now read-only.

Force TLS connections? #10

Closed
btracey opened this issue Sep 18, 2017 · 5 comments
Closed

Force TLS connections? #10

btracey opened this issue Sep 18, 2017 · 5 comments

Comments

@btracey
Copy link
Member

btracey commented Sep 18, 2017

Netlify has a "Force TLS connections" , "Forcing TLS will redirect all traffic to HTTPS and set Strict Transport Security Headers for 1 year."

Is this something we want? We somewhat force this anyway because the hugo generation (at least at the moment) hard paths https links.
@kortschak
Copy link
Member

What happens if we don't? What happens after a year?

@btracey
Copy link
Member Author

btracey commented Sep 19, 2017

If we don't we get this somewhat weird bouncing of people going to http but ending up in https anyway. I think after a year we have to enable it again. The warning that comes with it is

"Warning! Once you force TLS connections, people who visit your site won’t be able to access the HTTP version if you change this setting later."

I'm guessing that means the process is somewhat irreversible for a year.

@kortschak
Copy link
Member

OK. I'm happy to force TLS.

@kortschak kortschak mentioned this issue May 23, 2020
Closed
@han-so1omon
Copy link

@btracey I think force TLS is the way to go. Netlify plans to support exclusively TLS traffic if they haven't done so already. See this issue from the netlify team: netlify/cli#158

@kortschak
Copy link
Member

This is done with the new website build.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@kortschak @btracey @han-so1omon