Hacker News new | past | comments | ask | show | jobs | submit login

Pinner safety is a top priority for us, and so earlier this year we joined the growing list of websites that are fully HTTPS.

You had one job.

https://i.imgur.com/7RCusOi.png

(MTNL is an ISP in Delhi that I'm currently using to access the net. They are pretty shameless about running MITM attacks on virtually every webpage which is not fully HTTPS, such as engineering.pinterest.com.)




Their blog is a tumblr, tumblr doesn't do https on their subdomains.


If they use either a proxy or a service like Cloudflare, they can get some of the benefits of SSL/TLS (like preventing MITM attacks at the last-mile such as this one), while still using Tumblr to host their blog.


Tumblr blocks requests from Cloudflare

Edit: Sorry should source my claim.

Primary source: It reverted back to my .tumblr.com domain when I tried it

Also https://support.cloudflare.com/hc/en-us/articles/200168566-H...


Don't you have to use Tumblr's DNS settings to link a custom domain with their service? And to use Cloudflare don't you have to use their DNS servers?


You don't have to strictly speaking, you can use your own and just resolve in the same manner. You'd just need to monitor the results of a lookup on CF's servers and send back the same response with your own DNS.


Or at least, on other peoples' subdomains.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: