From dee92cf63cb23df2a6da62f5713b482ac54fa390 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Tue, 18 Jun 2024 09:15:35 +0200 Subject: [PATCH] https: make hsts and alt-svc sub-pages under HTTPS Closes #483 --- SUMMARY.md | 6 +++--- http/README.md | 6 +++--- http/https.md | 1 + http/{ => https}/altsvc.md | 0 http/{ => https}/hsts.md | 12 +++++++----- http/versions/http3.md | 4 ++-- 6 files changed, 16 insertions(+), 13 deletions(-) rename http/{ => https}/altsvc.md (100%) rename http/{ => https}/hsts.md (82%) diff --git a/SUMMARY.md b/SUMMARY.md index 091843eec9..9fb0f512ad 100644 --- a/SUMMARY.md +++ b/SUMMARY.md @@ -151,7 +151,6 @@ * [HTTP/2](http/versions/http2.md) * [HTTP/3](http/versions/http3.md) * [Conditionals](http/conditionals.md) - * [HTTPS](http/https.md) * [HTTP POST](http/post/README.md) * [Simple POST](http/post/simple.md) * [Content-Type](http/post/content-type.md) @@ -177,8 +176,9 @@ * [HTTP PUT](http/put.md) * [Cookies](http/cookies/README.md) * [Cookie file format](http/cookies/fileformat.md) - * [Alternative Services](http/altsvc.md) - * [HSTS](http/hsts.md) + * [HTTPS](http/https.md) + * [HSTS](http/https/hsts.md) + * [Alternative Services](http/https/altsvc.md) * [Scripting browser-like tasks](http/browserlike.md) * [Command line FTP](ftp/README.md) * [FTP Directory listing](ftp/dirlist.md) diff --git a/http/README.md b/http/README.md index 0dbe4d7b4b..ff4f7ad5c0 100644 --- a/http/README.md +++ b/http/README.md @@ -15,12 +15,12 @@ the specific HTTPS section. * [Ranges](ranges.md) * [HTTP versions](versions/) * [Conditionals](conditionals.md) - * [HTTPS](https.md) * [HTTP POST](post/) * [Redirects](redirects.md) * [Modify the HTTP request](modify/) * [HTTP PUT](put.md) * [Cookies](cookies/) - * [Alternative Services](altsvc.md) - * [HSTS](hsts.md) + * [HTTPS](https.md) + * [HSTS](https/hsts.md) + * [Alternative Services](https/altsvc.md) * [Scripting browser-like tasks](browserlike.md) 
diff --git a/http/https.md b/http/https.md index 06d18641af..6f464a7e8d 100644 --- a/http/https.md +++ b/http/https.md @@ -7,4 +7,5 @@ integrity by the use of TLS. See the [Using TLS](../usingcurl/tls.md) section for in-depth details on how to modify and tweak the TLS details in an HTTPS transfer. +* [HSTS](https/hsts.md) diff --git a/http/altsvc.md b/http/https/altsvc.md similarity index 100% rename from http/altsvc.md rename to http/https/altsvc.md diff --git a/http/hsts.md b/http/https/hsts.md similarity index 82% rename from http/hsts.md rename to http/https/hsts.md index 57c93db77e..a41cd29af4 100644 --- a/http/hsts.md +++ b/http/https/hsts.md @@ -1,17 +1,19 @@ # HSTS +*Automatic use of HTTPS*. + HTTP Strict Transport Security, HSTS, is a protocol mechanism that helps to protect HTTPS servers against man-in-the-middle attacks such as protocol downgrade attacks and cookie hijacking. It allows an HTTPS server to declare -that clients should automatically interact with this hostname using only -HTTPS connections going forward - and explicitly not use clear text protocols -with it. +that clients should automatically interact with this hostname using only HTTPS +connections going forward - and explicitly not use clear text protocols with +it. ## HSTS cache The HSTS status for a certain server name is set in a response header and has -an expire time. The status for every HSTS hostname needs to be saved -in a file for curl to pick it up and to update the status and expire time. +an expire time. The status for every HSTS hostname needs to be saved in a file +for curl to pick it up and to update the status and expire time. Invoke curl and tell it which file to use as a hsts cache: diff --git a/http/versions/http3.md b/http/versions/http3.md index c0350d0b76..4a8712f22f 100644 --- a/http/versions/http3.md +++ b/http/versions/http3.md 
@@ -38,8 +38,8 @@ can take advantage of this feature when ## Alt-svc: -The [alt-svc](../altsvc.md) method of changing to HTTP/3 is the official way to -bootstrap into HTTP/3 for a server. +The [alt-svc](../https/altsvc.md) method of changing to HTTP/3 is the official +way to bootstrap into HTTP/3 for a server. Note that you need that feature built-in and that it does not switch to HTTP/3 for the *current* request unless the alt-svc cache is already populated, but
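Review bot: In the http/https.md hunk, the new sub-page list carries only `* [HSTS](https/hsts.md)`, while the SUMMARY.md and http/README.md hunks in this same patch nest both HSTS and Alternative Services under HTTPS. Suggest adding `* [Alternative Services](https/altsvc.md)` below the HSTS entry so the three indexes agree.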
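Review bot: http/altsvc.md moves to http/https/altsvc.md at 100% similarity, and the single http/https/hsts.md hunk only adds a tagline and re-wraps two paragraphs, so no relative link inside either moved file is adjusted for the extra directory level. Please confirm that neither page links to a sibling or parent page by relative path; the only link fix visible in the patch is `../altsvc.md` to `../https/altsvc.md` in http/versions/http3.md.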
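Review bot: In the http/https/hsts.md hunk, the trailing context line "use as a hsts cache:" is inconsistent with the `## HSTS cache` heading a few lines above it. Since the surrounding paragraphs are being re-wrapped anyway, consider changing it to "an HSTS cache" in the same commit.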