cross-posted from: https://lemmy.world/post/3301227
Chrome will be experimenting with defaulting to https:// if the site supports it, even when an http:// link is used and will warn about downloads from insecure sources for “high-risk files” (example given is an exe). They’re also planning on enabling it by default for Incognito Mode and “sites that Chrome knows you typically access over HTTPS”.
It does if you just type in something like wikipedia.org . This most recent change they’re working on is so that a link on a page to:
http://wikipedia.org will get redirected to https://wikipedia.org if the site supports it.
This will fix a bunch of old links that are still floating around on various sites, forums, etc and keep people on https, instead of doing the https -> http -> https redirect bouncing around that can happen now.
I disagree. While in practice, this is often the same website, it is a different protocol and a different port. It just happens to use the same DNS address. You’re explicitly giving your browser a FQDN, and it is ignoring it and doing something else.
I hope this feature can be disabled. Google has been ignoring the W3C and has shipped proprietary, insecure features in their chromium engine for a while now, so it wouldn’t surprise me if they made it permanent 🤷
What kind of monster would deliberately serve different content for http and https versions of the same URL?
