Cosmetica API doesn't redirect to HTTPS

Question

Cosmetica API doesn't redirect to HTTPS

Madis0 opened this issue 2 years ago · 1 comments

Madis0 commented 2 years ago

Describe the bug
http://api.cosmetica.cc doesn't redirect to https://api.cosmetica.cc. My ISP and others in the same network don't need to know what usernames I ping.

To Reproduce

Go to http://api.cosmetica.cc
Wait

Expected behavior
301 redirect to https://api.cosmetica.cc

Screenshots
N/A

Setup (please complete the following information):
A modern browser

Additional context
Considering you use a Cloudflare cert, I don't even think it faces any issues with expired root certificates (unlike Let's Encrypt) on older Minecraft. So... what's the excuse? 😛

eyezahhhh · Answer 1 · 2022-09-14T22:54:32.000Z

We're not the only ones who use our API. We're designing it to be usable by anyone else, and we don't need to force them to use HTTPS. That's their choice.

(Also we require it to be http for Arcmetica to work, too)

Share to