這個產品就如同標題所說的方式而已,做起來不難,只是一直沒人做就是了:「How we brought HTTPS Everywhere to the cloud (part 1)」。
傳統的作法是直接硬幹下去換掉,或是用 header 讓瀏覽器主動轉過去:
A naive way to do this would be to just rewrite
http://
links tohttps://
or let browsers do that withUpgrade-Insecure-Requests
directive.
但這有必須有兩個假設成立才可以:
- Each single HTTP sub-resource is also available via HTTPS.
- It's available at the exact same domain and path after protocol upgrade (more often than you might think that's not the case).
而 HTTPS Everywhere 則是用人力確認了哪些網站可以這樣玩。CloudFlare 利用這份清單改寫程式碼裡面的 HTTP 連結,僅可能將 HTTP 資源換成 HTTPS。算是還不錯的方式...
之後有可能再推出對 HTTP images 與 HTTP assets 的 proxy cache?