At some point I think it will only be fair to require --insecure for #curl to do an unauthenticated protocol transfer (unless it is localhost). For clear text http:// etc.
well that's debatable, if you draw the line at kernel vs network card then you can easily have "LAN like IPs" that are just local. For example the default `bridge` network in Docker to communicate between containers on a single host.
I think that's a reasonable proposal, but one that will require a long, permissive ramp period. In my experience, especially in lower environments, people are lazy and a binary switch will require a long passive introduction period.
Agreed! Safari on iOS already has an option to initially deny HTTP connections with a warning (default not yet enabled). I think it's the way to go. support.apple.com/en-gb/guide/…
Wolf480pl
in reply to daniel:// stenberg:// • • •abeltramo
in reply to daniel:// stenberg:// • • •daniel:// stenberg://
in reply to abeltramo • • •abeltramo
in reply to daniel:// stenberg:// • • •Unapologetic """"AI"""" hater aetios
in reply to daniel:// stenberg:// • • •daniel:// stenberg://
in reply to Unapologetic """"AI"""" hater aetios • • •Timo J
in reply to daniel:// stenberg:// • • •Luxano
in reply to daniel:// stenberg:// • • •jens persson
in reply to daniel:// stenberg:// • • •schnedan
in reply to daniel:// stenberg:// • • •draeath
in reply to daniel:// stenberg:// • • •please don't. It's so useful for debugging and local (but not localhost) work!
(Unless I'm misunderstanding)
It's not your job to make sure people don't hurt themselves with a useful tool!
faker
in reply to daniel:// stenberg:// • • •I think it's the way to go.
support.apple.com/en-gb/guide/…
Get a warning when you visit websites that use HTTP on iPhone
Apple SupportJeppe Fihl-Pearson
in reply to daniel:// stenberg:// • • •