Will javascripts recovered using HTTP and HTTPS be cached separately?

Say if a web server supports both HTTP and HTTPS, if a browser retrieves a Javascript from this server using HTTP and HTTPS, and the script is cacheable, will the script be put cached separately, one for HTTP and one for HTTPS?

Is this behavior consistent for all types of browsers, and what about cache at the CDN and reverse proxy level?

tls – Verifying installation programs downloaded via HTTPS

An attacker with a Man-in-the-Middle position, able to intercept and silently modify the HTTPS traffic (which is impractical in practice), could indeed be used by a user a modified executable with a modified hash and a compromised GPG key.

But if we were to be really paranoid, they would not download the GPG key that created the signature via the same login that they used to download the executable. Instead, you need to download the executable, for example, at home, and then download the GPG key in an Internet cafe.

As you can see, this is not really done in practice and usually it is not necessary to do it. TLS, if it is configured correctly, is considered secure in practice according to the standards of today.

So what to do in practice?

In practice, you have several options:

  • Option 1: Ignore the hashes and GPG signatures and make sure that the download will be successful.
  • Option 2: Check the attached checksum to make sure the download contains no errors. That's what I do personally with operating system downloads and the like.
  • Option 3: Download the GPG key, make gpg --verify and see if everything is fine.
  • Option 4: Download the executable on one machine, and then move to another location to download the GPG key. Then physically meet the manager to check the fingerprint of the key. Then check the download.

As you can see, the examples become more and more complex, in order to mitigate even more ridiculous risks. In the end, you must choose your own level of paranoia.

https – Google Analytics seems to be affected after setting the preferred domain

I hope you can help me with that! I have recently changed the preferred domain of my site https://example.com. Unfortunately, after that, it seems that the views / visits are no longer recorded by Google Analytics. I've changed the URL in the admin settings of GA to indicate that it is now https://example.com – maybe it just needs some time to settle down?

In addition, I am not sure I have correctly configured the 301 redirect after setting my preferred domain.

RewriteEngine On
RewriteCond %{HTTP_HOST} ^www.example.com$ (NC)
RewriteRule ^(.*)$ http://example.com/$1 (R=301,L)

If I have an HTTPS site, should I add the "s" to the sections that contain "HTTP"?

Is there an application to share data with an HTTP / HTTPS POST?

I'm trying to send an audio recording of my Android to my website using the sharing menu.

Ideally, I would like an application that I can configure with a URL and that appears in the sharing menu. When I select the application sharing icon, the data is sent to the preconfigured URL during a POST operation.

Note: my question is not how to code it because I'm pretty sure I can do it. I ask if such an application already exists, because I just can not believe that someone has not yet written application to do it!

https – What is the difference between certbot and certbot-auto?

Battery Exchange Network

The Stack Exchange network includes 175 question-and-answer communities, including Stack Overflow, the largest and most reliable online community on which developers can learn, share knowledge and build their careers.

Visit Stack Exchange

network – How to redirect HTTPS traffic to a proxy on localhost: 443?

I am building an HTTP server in C ++ using the Cesanta Mongoose C ++ network library. Basically, I try to redirect traffic from my web browser to a proxy on the local host. I've recently added HTTPS support by purchasing a certificate and domain, and then following the instructions to enable SSL with Mongoose (https://cesanta.com/docs/http/ssl.html). The server is now listening on port 443 and everything is working properly. I've configured my web browser to direct HTTPS requests to localhost: 443, but that does not seem to trigger the HTTP server. When my server listens on port 8080 and the web browser is configured to send requests to localhost: 8080, the web browser is enabled, but it does not support https. Something is wrong with the web browser configuration for sending requests to localhost: 443?

ssl – force redirection to https on a specific port on nginx?

Battery Exchange Network

The Stack Exchange network includes 175 question-and-answer communities, including Stack Overflow, the largest and most reliable online community on which developers can learn, share knowledge and build their careers.

Visit Stack Exchange

php – https page requiring socket connection in wss and not ws

I have a socket in PHP running on port 8080, to boot the socket I use the command php chat-server.php

Until then everything is fine, the problem is that now the site can only respond in https, which requires that when connecting my socket in JavaScript, I use wss: // meuip: 8080 instead of ws: // meuip: 8080

I do not know how to start the socket with SSL, can someone help me?

domain name system – SRV registration does not work on GoDaddy HTTPS on a separate port

I can not configure a desktop with a public IP address and multiple web services running on separate ports. One of the services is a media server and I try to add an SRV record to GoDaddy in order to avoid confusing the staff with the ports. In addition, I deleted my DNS cache and tried more than 1/2 hour at a time just to confirm that the cache is cleared from my DNS preferences (I've also tried other DNS servers without my system having manually searched the domain). . The fields are filled as follows:

  • Service: _https
  • Protocol: _tcp
  • First name: @
    (I've also tried domain.ca here)
  • Target: media
    (I've also tried media.domain.ca here)
  • Priority: 1
  • Weight: 1
  • Port: 12322
  • TTL: 1/2 hour (although it hardly matters)

The Dig output looks like this: (Output modified to delete the current domain name)

; <<>> DiG 9.10.6 <<>> media.domain.ca
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 7098
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;media.lightyearlabs.ca.        IN  A

;; AUTHORITY SECTION:
domain.ca.  590 IN  SOA ns45.domaincontrol.com. dns.jomax.net. 2019112603 28800 7200 604800 600

;; Query time: 28 msec
;; SERVER: 2001:568:ff09:10a::55#53(2001:568:ff09:10a::55)
;; WHEN: Sat Nov 30 11:18:01 PST 2019
;; MSG SIZE  rcvd: 122

Someone please hit me, it can not be so difficult. Yes, the port is transferred to their router (works if I enter https://media.domain.ca:12322), but I can not dig or reach media.domain.ca or https://media.domain.ca . does not seem to add the good port. Thank you all,

tls – Why are file URLs marked as unsafe while https URLs are marked as secure in browsers?

I think file protocols are more secure than https protocols.

You would be right if the file comes from a local storage.

What happens if you load a file from an FTP mount (the FTP protocol is not secure, even the passwords are sent in plain text)? Or from a remote service (unsecured) on an unencrypted wifi network? A consumer access point with a connected drive could be configured like this.

The browser has no way of knowing if any of these connections is really secure. And even though it was possible to determine if the file system's direct links were secure, we can not know if the next step in the chain is.

So the browser just does not guarantee what it does not know.