Hacker News new | past | comments | ask | show | jobs | submit login

iOS Safari (and other iOS browsers) auto redirects to http://ycombinator.dev/



Can you confirm that it's not rewriting the URL to https://yc.dev first before issuing a request to the network? It's possible that Safari has suffered some kind of regression. This definitely used to work at some point.

I can confirm here in Chrome and Firefox that the URL is rewritten internally to https://yc.dev (which then redirects to https://ycombinator.dev), so no unencrypted traffic is ever sent over the network.


Unfortunately I’m not in a situation where I can test that. It’s very possible that that’s the case, but it then leaves the question of why the non-https ycombinator.dev is what we eventually end up on.


Separate from HSTS, they should also be redirecting http to https. Hopefully they'll get around to that soon. The domain is still recent so they're probably not finished with configuration.


Strange. I wouldn't expect that, because according to https://caniuse.com/#feat=stricttransportsecurity, the latest versions of Chrome and Safari for iOS do support Strict Transport Security.


I’m on iOS 12.2, which that site says supports Strict Transport Security.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: