Y
Hacker News
new
|
ask
|
show
|
jobs
by
RKearney
4503 days ago
Bad idea. Then anyone who accesses it over HTTPS won't be able to use HTTP anymore and HTTPS requires a paid plan of some sort.
Ideally they should be on separate domains, at which point HSTS would be more suited.
1 comments
lifeeth_
4503 days ago
Paid plan for API access I guess - hoping one wont use the same environment for both. I meant this for the stripe frame which kicks in, cant really trust an https frame that has a start from http.
link