Echo JS 0.11.0


chris-l comments

chris-l 218 days ago. link 1 point
This goes against the rules:

* No link to summaries, only link to original content
* No link to newsletters, see previous rule
* No URL shortened links, only real links to pages
chris-l 239 days ago. link 1 point
The only problem I see is that the redirect.js script is directly assigning a value to location.href, instead of using location.replace

Assigning to .href is similar to clicking a link; the non-https page will be in the history.

That means if someone is using a letsencrypt compatible browser, and then enter the http site, will be redirected to https, with the http site on the history.

Now, whats going to happen if the user clicks on the back button?

It will return to the non-https version, and immediately will be returned to the https version again. Which means the back button would be broken.

This can be easily fixed if the script instead uses location.replace

It would look like this:

if (location.href.match(/^http:/i)) {
    location.replace(location.href.replace(/^http:/i, 'https:'));

In the end, is only an small detail, of course
chris-l 259 days ago. link 1 point
Hey, just don't stop downvoting and reporting spam.