-
moparisthebest
damn I have more security considerations to add to '156: "when following HTTP redirects make sure they are all 'https' and never 'http'" :'(
-
moparisthebest
actually, rip the language directly from POSH: > A web server at the source domain might redirect an HTTPS request to another HTTPS URI. The location provided in the redirect response MUST specify an HTTPS URI.