400 The Plain HTTP Request Was Sent To HTTPS Port

What happens when you send a plain HTTP request over HTTPS?

When you send an HTTP request to a server over HTTPS, your browser must first establish a secure connection. This is typically done by sending a plain HTTP request to the HTTPS port (443). However, this simple step can have significant security implications if not handled correctly.

Redirects and API access

Redirects can be used to bypass security checks on certain services. For example, if a service uses a custom redirect URL to send users to a different page, this can expose sensitive data to unauthorized parties.

API Access

Accessing APIs (Application Programming Interfaces) can be done using plain HTTP requests. However, APIs typically use HTTPS for security reasons. If an API is not properly secured, it may allow attackers to intercept or modify sensitive data.

Best Practices for Handling Plain HTTP Requests Over HTTPS

In summary, when sending HTTP requests over HTTPS, the plain request should be sent directly to the HTTPS port (443). It's essential to ensure that all redirects and API access are properly secured using HTTPS. This will help protect sensitive data from unauthorized parties.

For more information on handling plain HTTP requests over HTTPS, please refer to the following conference paper: https://conferences.law.stanford.edu/ipsummerschool2022/2013/12/29/purus-rhoncus-et-lundium