You must log in or register to comment.
I’ve taken to just using HTTPS only. No redirect. Just an error.
I disagree.
You shouldn’t serve anything over http. (The article argues that there’s risk of leaking user data) Whatever you’re using for a webserver should always catch it. A 301/308 redirect is also cached by browsers, so if the mistake is made again, the browser will correct it itself.
If you make it fail, you’re just going to result in user confusion. Did they visit the right website? Is their internet down? etc.
This article isn’t about browsers or websites, and even acknowledges in the opening that it makes sense as a usability tradeoff in that context.
