95
Chromium Blog: Towards HTTPS by default
(blog.chromium.org)
This is a most excellent place for technology news and articles.
No testing a server side http-to-https upgrade/redirect without reconfiguring your browser. This seems like an unnecessary and bad idea.
This could be easily done better by promoting such server-side configurations as a default.
I mean, why should the browser attempt to correct inappropriately configured servers? Shouldn't they rather be making PRs to NGINX/Apache/CAs or whatever?
Also: can't this be exploited to spoof an unavailable HTTPS and coerce an unencrypted connection?