by metadat 699 days ago
What would be allowed after SSL? By default, does curl allow redirects to http:// via -L?

If so.. that's kinda sketchy from a security perspective. Especially because the flag you've shown is very unwieldy.

1 comments

curl will not follow any redirects without -L, including from http to https.

But -L is very useful, so being able to prevent downgrades has useful functionality to help restrict it.

This has nothing to do with what I'm attempting to discuss.
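
An added example, not part of the thread: a shell function that audits a redirect chain for https-to-http downgrades, the case discussed above. It reads response headers in the form `curl -sIL` prints them; the function name, sample headers and hostnames are constructed for illustration.

```shell
#!/bin/sh
# Added example: report https -> http downgrades in a redirect chain.
#   $1    : the URL the chain started from
#   stdin : response headers as printed by `curl -sIL <url>`
# To have curl itself refuse such hops while still using -L, its
# --proto-redir option limits the protocols redirects may use, e.g.
#   curl --proto-redir =https -L <url>
find_downgrades() {
    case $1 in
        [Hh][Tt][Tt][Pp][Ss]://*) prev=https ;;
        *)                        prev=http ;;
    esac
    # tr strips the CR that terminates each HTTP header line
    tr -d '\r' | while IFS= read -r line; do
        case $line in
            [Ll]ocation:*)
                target=${line#*:}
                target=${target# }
                case $target in
                    [Hh][Tt][Tt][Pp][Ss]://*) scheme=https ;;
                    [Hh][Tt][Tt][Pp]://*)     scheme=http ;;
                    *)                        scheme=$prev ;;  # relative redirect keeps the scheme
                esac
                if [ "$prev" = https ] && [ "$scheme" = http ]; then
                    printf 'downgrade: %s\n' "$target"
                fi
                prev=$scheme
                ;;
        esac
    done
}

# Constructed sample: http -> https upgrade, a relative hop, then a downgrade.
SAMPLE_HEADERS='HTTP/1.1 301 Moved Permanently
Location: https://example.com/a

HTTP/1.1 302 Found
Location: /b

HTTP/1.1 302 Found
location: http://cdn.example.net/file

HTTP/1.1 200 OK
'

printf '%s' "$SAMPLE_HEADERS" | find_downgrades 'http://example.com/'
```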