On Sun, Dec 31, 2017 at 04:31:00PM +0100, Valentin Brandl wrote:
Hi there, I'm starting to build a mirror for the tor project. The instructions page states `Try not to redirect http to https. Many places in the world cannot use https due to local or national firewalls`.
Since there should be no redirect, should I also stop sending HSTS headers when the page is visited via https? Also should or shouldn't I insert my site into the HSTS preload list?
Thanks everybody for the useful discussion here.
I think the right answer for mirror providers is "each person should do whatever they think is best/easiest" -- that should result in some diversity, where hopefully there will be some mirrors that can handle whatever weird situation the censored users find themselves in.
If somebody wants to write a patch for the mirror page: https://gitweb.torproject.org/project/web/webwml.git/plain/docs/en/running-a... so it says more reasonable things, that would be great.
Thanks! --Roger