[jfindley]

The HTTPS implementation looks dangerous at first sight - it looks like an attacker could very easily just strip the X-Templar-Upgrade out from the request, and then end up with everything being un-encrypted - without the client throwing any warnings.

Could you possibly provide more details of how you avoid this?

[evanphx]

Templar is designed to be used within your own infrastructure on a trusted network, where you talk to it and it talks to the outside world.

An attacker would have to be already within your private network, and if they were, they could observe the traffic in plain text already.

I think the confusion is around where Templar sits in relation to your app making HTTP API calls and the services you want to talk to. I'm going to draw up a diagram to help explain this better.