ipaqmaster t1_ir41lwb wrote
Reply to comment by bowelcrusher in An anonymous polling site for sensitive topics, with live stats and a heatmap (NEW: add your own questions!) by bowelcrusher
Mozilla Firefox 105.0.1 on Linux kernel 5.19.12
I can see it in the Network tab of Developer Tools. After registering to make a vote count, it POSTs to /new_vote and catches a 302 redirect, but the Location header of that 302 is Location: http://myworld.vote, which is where that downgrade caught my attention. Granted, in the majority of cases a browser will remember an earlier 301 and not follow the URI to be told 301 > https a second time. (But because your reddit post URL specifies https, that was my browser's first time being redirected to it again.)
Anyone running an SSL enforcer could get stuck there, which I guess is where setting your HSTS headers could save the day in that case. Otherwise, fixing that Location string.
Easy change in new_vote I presume. That endpoint also explains why it happened a second time post-registration during another vote.
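An added example, not part of the original comment or the site's code: a Python check over one captured response that flags the HTTPS-to-HTTP Location described above and a missing HSTS policy. The function names and both sample responses are constructed, and it assumes the POST to /new_vote was sent over https.

```python
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}

def hsts_max_age(headers):
    """Return max-age from Strict-Transport-Security, or None if absent/invalid.
    Expects header names already lowercased."""
    value = headers.get("strict-transport-security")
    if not value:
        return None
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        if name.strip().lower() == "max-age":
            arg = arg.strip().strip('"')
            return int(arg) if arg.isdigit() else None
    return None

def audit_redirect(request_url, status, headers):
    """Flag HTTPS->HTTP redirects and missing HSTS on one captured response."""
    headers = {k.lower(): v for k, v in headers.items()}
    findings = []
    if urlsplit(request_url).scheme != "https":
        return findings  # only responses served over TLS are in scope
    location = headers.get("location")
    if status in REDIRECT_CODES and location:
        target = urljoin(request_url, location)  # resolves relative Location values
        if urlsplit(target).scheme == "http":
            findings.append(f"downgrade: {request_url} -> {target}")
    max_age = hsts_max_age(headers)
    if not max_age:  # absent, unparsable, or max-age=0 (which clears the policy)
        findings.append("no effective Strict-Transport-Security policy")
    return findings

# Constructed samples modelled on the exchange described in the comment.
BROKEN = ("https://myworld.vote/new_vote", 302, {"Location": "http://myworld.vote"})
FIXED = ("https://myworld.vote/new_vote", 302,
         {"Location": "/", "Strict-Transport-Security": "max-age=31536000"})

if __name__ == "__main__":
    for sample in (BROKEN, FIXED):
        print(sample[0], sample[2].get("Location"), audit_redirect(*sample))
```

Either fix clears the downgrade finding for a returning visitor, but only a corrected Location value covers a browser that has not yet received the HSTS header.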
bowelcrusher OP t1_ir42kef wrote
Thanks a lot for pointing this out!
ipaqmaster t1_ir42ucd wrote
All good. Cool site!