📅  最后修改于: 2022-03-11 14:48:19.396000             🧑  作者: Mango
This is a continuation to the previous article on Enforcing HTTPS.
While redirecting all non-secure requests to secure URLs is good,
a man-in-the-middle can still hijack the connection before the
redirect. And if the user types the address as company.com in
the address bar, it will access the site insecurely every single
time.