ipaqmaster
ipaqmaster t1_irgd183 wrote
Are you accepting feedback using feedback [at] linksafe.ly?
(I kid, this is a growing problem.)
ipaqmaster t1_ir42ucd wrote
Reply to comment by bowelcrusher in An anonymous polling site for sensitive topics, with live stats and a heatmap (NEW: add your own questions!) by bowelcrusher
All good. Cool site!
ipaqmaster t1_ir41lwb wrote
Reply to comment by bowelcrusher in An anonymous polling site for sensitive topics, with live stats and a heatmap (NEW: add your own questions!) by bowelcrusher
Mozilla Firefox 105.0.1 on Linux kernel 5.19.12
I can see it in the Network tab of Developer Tools, after registering to make a vote count it POSTs to /new_vote and catches a 302 redirect, but the location header of that 302 is Location: http://myworld.vote which is where that downgrade caught my attention. Granted in the majority of cases, a browser will remember an earlier 301 and not follow the URI to be told 301 > https a second time. (But because your reddit post URL specifies https, that was my browser's first time being redirected to it again)
Anyone running an SSL enforcer could get stuck there which I guess is where setting your HSTS headers could save the day in that case. Otherwise fixing that Location string.
Easy change in new_vote I presume. That endpoint also explains why it happened a second time post-registration during another vote.
ipaqmaster t1_ir3qz0r wrote
Reply to An anonymous polling site for sensitive topics, with live stats and a heatmap (NEW: add your own questions!) by bowelcrusher
FYI the signup process redirects to the website without https (Downgrade) and same whenever you try to make a new poll.
ipaqmaster t1_j7d2d6j wrote
Reply to comment by LordTonka in Red sky at night, sailors delight. by linuxknight
the blood moon is rising