This repository has been archived by the owner on Apr 21, 2021. It is now read-only.
Redirect issue - endpoint choice #59
Comments
|
Can you point to an existing domain in this situation @sayaHub ? Point 3 there seems to imply a secure endpoint is downgrading to an insecure path.. That feels pretty "wrong". |
|
for point 3, we feel the same way, we don't understand why the configuration will be setup that way. We are trying to write up more about the right way to do redirection ...I ping you on slack about the domain example. |
|
Example of a misconfigured redirection... The logic of how pshtt chooses the 'best' endpoint to use could be changed, but it'd probably just be easier to fix the domains showing issues. |
|
fyi, issue mentioned in original library : |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Use case:
Even if we feed the scanner with a root endpoint that is secured and properly redirect to the eventual secure endpoint, tracker seems to set the canonical url to httpswww. Where there are httpswww configuration issues, it significantly impact the root domain scan result because the httpswww is chosen.
Question:
should Tracker choose to scan the secure root endpoint if Live instead of httpswww?
The text was updated successfully, but these errors were encountered: