From what I understand,

- Autolink assumes only domains with a leading `www.` should be linked. Many domains are configured to redirect to the "bare" variant without the www since it is technically unnecessary, so this assumption does not hold.
- Autolink assumes the insecure `http://` protocol. This opens the visitor up to a MitM if they've not visited the site before (for no HSTS preload) or the site doesn't use HSTS and no redirect is cached.

It is proposed:

- This feature use the Public Suffix List to detect references to domains.
- The default protocol be changed to `https://` since the vast majority of browser page loads are performed using HTTPS nowadays (https://letsencrypt.org/stats/#percent-pageloads). If the user needs to refer to a legacy site, they can specify the link explicitly.
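An added sketch of the proposal above, not part of the original issue or the project's own code: bare domains are recognised by Public Suffix List matching instead of a leading `www.`, and are linked with `https://`, while anything written with an explicit scheme is left alone. The rule set is a small constructed subset of the list, and the names `PSL_RULES`, `CANDIDATE`, `suffix_length` and `autolink` are hypothetical.

```python
import html
import re

# Constructed subset of Public Suffix List rules, for illustration only.
# A real implementation would load the full list from publicsuffix.org.
PSL_RULES = {"com", "org", "io", "github.io", "uk", "co.uk", "*.ck", "!www.ck"}

# Hostname-shaped tokens that are not already part of a URL or e-mail address.
CANDIDATE = re.compile(
    r"(?<![\w@/.-])((?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,})(?![\w-])", re.I)


def suffix_length(labels):
    """Return how many trailing labels form the public suffix, or 0 if none.

    Follows PSL matching (an exception rule wins, otherwise the longest
    match) but drops the implicit "*" default rule, so unknown endings such
    as "config.yaml" are never treated as domains.
    """
    best = 0
    for n in range(1, len(labels) + 1):
        tail = labels[-n:]
        if "!" + ".".join(tail) in PSL_RULES:
            return n - 1  # exception: suffix is the rule minus its leftmost label
        wildcard = ".".join(["*"] + tail[1:])
        if ".".join(tail) in PSL_RULES or wildcard in PSL_RULES:
            best = n
    return best


def autolink(text):
    """HTML-escape text and link bare registrable domains using https://."""
    out, pos = [], 0
    for m in CANDIDATE.finditer(text):
        host = m.group(1)
        labels = host.lower().split(".")
        if not 0 < suffix_length(labels) < len(labels):
            continue  # unknown suffix, or a bare public suffix such as "co.uk"
        out.append(html.escape(text[pos:m.start()]))
        out.append('<a href="https://{0}">{0}</a>'.format(html.escape(host)))
        pos = m.end()
    out.append(html.escape(text[pos:]))
    return "".join(out)
```

Tokens preceded by `/` or `@` are skipped, so an explicitly written `http://` link to a legacy site and e-mail addresses pass through untouched.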