Episode 431 - Redirecting HTTP to HTTPS

Josh and Kurt talk about a blog post titled "Your API Shouldn't Redirect HTTP to HTTPS". It's an interesting idea, and probably a good one. There is however a lot of baggage in this space as you'll hear in the discussion. There's no a simple solution, but this is certainly something to discuss. Show Notes Your API Shouldn't Redirect HTTP to HTTPS Hacker News discussion HSTS Section 5.1