Tag Archives: https

★ Fixing the valet share 301 Redirect Loop

One of the nice things of Laravel Valet is that it includes an easy way to make your local site available publicly. For this it has the aforementioned Ngrok built-in. To use it, just run the valet share command, and … Continue reading

Elsewhere , , , Leave a comment

Chrome 66 to Untrust Symantec-issued Certificates

Chrome is really tightening up the security game here. In Chrome 66 it will untrust Symantec-issued SSL/TLS certificates, after Symantec has repeatedly screwed up by wrongly issuing certificates for domains, including google.com itself. Thanks to a decision in September by … Continue reading

Elsewhere , , Leave a comment

Extended Validation Is Broken

https://stripe.ian.sh/ is an interesting site by Ian Carroll. See it? Take a closer look at the certificate. Yes, that’s one for “Stripe, Inc” … but, that’s not “Stripe, Inc” is it? This site uses an EV certificate for “Stripe, Inc”, … Continue reading

Elsewhere , , , Leave a comment

Get HTTPS working on localhost, with green padlock

In On “Secure Contexts” in Firefox, HTTPS for local development, and a potential nice gesture by Chrome I said: One of the things that’s still not really frictionless for your local development domains is the use of certificates. To circumvent … Continue reading

Elsewhere , , Leave a comment

On “Secure Contexts” in Firefox, HTTPS for local development, and a potential nice gesture by Chrome

👋 This post also got published on Medium. If you like it, please give it some love a clap over there. Earlier today, in a post entitled Secure Contexts Everywhere, it was announced on the Mozilla Security Blog that Firefox … Continue reading

Original Content , , , , 1 Comment

Monitoring for the encrypted web with “Oh Dear!”

Because there’s more to HTTPs than just monitoring for certificate expiration dates. Next to SSL Certificate Expirations, Oh Dear! also scans for Mixed Content, Revoked (Intermediate) Certificates, the use of bad or insecure ciphers, etc. Knowing that this service is … Continue reading

Elsewhere , Leave a comment

Mixed Content and Responsive Images

Interesting issue Jonathan Snook ran into when switching a site over to HTTPS. Even though images from HTTP resources should still get loaded by the browser (as they are Passive Mixed Content, and thus tolerated), they weren’t: After some digging, … Continue reading

Elsewhere , , , Leave a comment

API

(Source: xkcd #1481)

Elsewhere , , , , Leave a comment

Marking HTTP As Non-Secure

My name is Bramus and I approve this message: We, the Chrome Security Team, propose that user agents (UAs) gradually change their UX to display non-secure origins as affirmatively non-secure. We intend to devise and begin deploying a transition plan … Continue reading

Elsewhere , , , Leave a comment

Mixed Content Scan: Scan your HTTPS-enabled website for Mixed Content

With my recent move to HTTPS I wasn’t sure if there were any pages left on my site that had Mixed Content or not. If an HTTPS page includes content retrieved through regular, cleartext HTTP, then the connection is only … Continue reading

Elsewhere , , , , 2 Comments