banned for burgerpostinghmm, how long will it take for my browser to update to the new CSP now, lol
Michael Wilcox (Afterdark)@pea depends on how long you cache.
You can just clear it.
@miwilc hmmm, I just cleared my cache, and I can confirm with `curl -I https://fuckonthefirst.date` that my CSP header is changed, but it's still saying it's just "connect-src 'self' wss://fuckonthefirst.date" without "https:" added in my console
@pea remind me, what browser do you use again? FF ESR?
@miwilc oh, I'm in chromium right now actually
@miwilc even in the cache entry, the connect-src is right
@miwilc feel like it should log a parsing issue making it ignore the https://* part, and i also tried https:
@miwilc changed it back to https:, cleared the cache again, still ignored. Even the cached content at chrome://net-internals/#httpcache has the proper CSP
@miwilc just checked and firefox ESR is fine, only chromium is being a shit
@miwilc Gonna try deleting all of my chromium local data, reinstalling browser, then checking....
@miwilc the only thing I can think of is whether it's included in my Strict-Transport-Security including 'preload' to make google do the thing where they preload strict transport security so navigating to http: is automatically pushed to https:
@miwilc I can't imagine that google also just assumes that it should preload CSP with that though
@pea I don't think they do.
Also: you added the preload directive to F(otf).D? Wow you're brave (probably more than me)
But I guess LE makes https easy
Also: you added the preload directive to F(otf).D? Wow you're brave (probably more than me)
But I guess LE makes https easy
@miwilc federation (to my knowledge) is only possible over HTTPS, even if it was possible to federate over HTTP, I wouldn't want a site that requires logins for full functionality to EVER be served over HTTP
@miwilc plus, I use HTTPS everywhere and don't even personally access sites that don't use HTTPS
@pea yeah that's great, and I agree. https is great.
Take #2: I was going to post a link to a video but then this happened
Take #2: I was going to post a link to a video but then this happened
@miwilc I don't really think https is great, since it requires centralized authorities to work, but it's the best option we have right now for some semblance of security. If I was seriously gonna run something I wanted to be secure and in my Ideal Image of internet security, I would probably use another system
@miwilc also I don't really get what you're saying with the link, could you explain?