Cloudflare puts an end to insecure HTTP

Plain text communication also allows unauthorized persons to view data. Cloudflare therefore also no longer supports HTTP for API calls.

https://www.heise.de/en/news/Cloudflare-puts-an-end-to-insecure-HTTP-10328265.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

Cloudflare macht unsicherem HTTP den Garaus

Klartextkommunikation erlaubt auch Unbefugten Einsicht in Daten. Cloudflare unterstützt daher auch für API-Aufrufe kein HTTP mehr.

https://www.heise.de/news/Cloudflare-macht-unsicherem-HTTP-den-Garaus-10328030.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

Should you ever run across an article that says you don't need a VPN because most every website use HTTPS, be aware that you can not see the encryption, or the lack of it, in mobile apps. Thus, things like this happen - Apple did not bother to upgrade their own software from HTTP to HTTPS.

https://9to5mac.com/2025/03/18/apples-passwords-app-was-vulnerable-to-phishing-attacks-for-nearly-three-months-after-launch/
Apple’s Passwords app was vulnerable to phishing attacks for nearly three months after launch
#vpn #http #https #encryption

Going stateless is one of REST’s secret weapons. Treating each request as independent makes APIs more scalable, reliable, and easier to cache. Want to know why statelessness is such a big deal? Read the post!

https://woodruff.dev/rest-constraint-3-going-stateless-for-scalability/

Ever seen a 404 and wondered what it really means? #HTTP response codes are like secret messages from the web, telling you what’s happening behind the scenes. From 200 to 500, they all have a story. Want to decode them? Check out my latest post!

https://woodruff.dev/decoding-http-response-codes-what-your-browser-isnt-telling-you/

Ever wonder what really happens when you visit a website? Behind the scenes, an #HTTP request and response are making the magic happen. Headers, status codes, and payloads all play a role. Want to see how it all works?

https://woodruff.dev/breaking-down-http-what-really-happens-in-a-request-and-response/

De http-puinhoop

Screenshot bij https://www.security.nl/posting/879514/rant+-+onveiliginternetten_nl

#HTTP isn't just about requests and responses—it’s got verbs that make the web dynamic! GET, POST, PUT, DELETE... each has a job, and together they keep the internet running. Want to know what they do and when to use them? Check out my latest post!

https://woodruff.dev/http-methods-the-verbs-that-make-the-web-go-round/

Ever wonder how the web actually works? It's all thanks to #HTTP — the secret sauce making everything from pet videos to API calls possible. My latest post breaks it all down in plain English. Check it out!

https://woodruff.dev/http-demystified-the-secret-sauce-of-the-web/

So, apparently, it is no longer possible to require #HTTPS client certificate authentication for a specific subtree when using #TLS 1.3, because renegotiation is no longer supported and there is no replacement protocol for “hey client, if you want to go in there, I'm gonna need to see your certificate first.”

Lovely. I was using that.

New @small-web/kitten release (version 5.2.0)

Adds missing types on `KittenRequest` and `KittenResponse` interfaces (the missing request and response helpers).

• `is()`: check for request type. e.g., `request.is('html')` or `request.is('json')` (you can also use the full mimetype).
• `json()`: JSON.stringify passed data and end response with inline JSON.
• `jsonFile()`: JSON.stringify passed data and end response with JSON attachment and optional file name.
• `file()`: end response with passed file data and optional file name and mime type.
• `withCode()`: end response with passed status code and optional body.

Kitten request and response helpers documentation:

https://kitten.small-web.org/reference/#request-and-response-helpers

Kitten type safety tutorial:

https://kitten.small-web.org/tutorials/type-safety/

Enjoy!

A Guide to Implementing ActivityPub in a Static Site (or Any Website) - Part 8 is out!

Follow the site here @blog or check the article here: https://maho.dev/2025/01/a-guide-to-implementing-activitypub-in-a-static-site-or-any-website-part-8/

#fediverse #activitypub #static-sites #hugo #azure #mastodon #web-development #social-web #webfinger #http #azure #azurefunctions

I have an early prototype of #w3m using #libcurl. This means today is the day when #w3m did its first HTTP/1.1 request.

Only 28 years after HTTP/1.0 was obsoleted.

I'm excited!

blog! “Mastodon Now Sends Referer Headers! Hurrah!”

Back in 2022, I wrote this rather grumpy post on Mastodon, the federated social media platform.

> Mastodon enforces a "noreferrer" on all external links. I have mixed feelings about that. As a blogger, I want to see *where* visitors are coming from…

Read more: https://shkspr.mobi/blog/2024/12/mastodon-now-sends-referer-headers-hurrah/
⸻
#fediverse #http #mastodon

#Hurl, maybe my favourite #Postman replacement, just released a new major version. Nothing too big from my POV, but the --curl "native export" looks useful. So you can communicate your requests to folks who use curl, or use it as input to other tools’ importers, which usually "speak" curl.

(Before you had to fish the #curl equivalent out of the verbose output. PS: I with --very-verbose was just -vv or -vv; to whom it may concern :)

https://github.com/Orange-OpenSource/hurl/releases/tag/6.0.0

miniserve: Yet another HTTP server command line tool. This one has options for single page apps, etc.
https://github.com/svenstaro/miniserve
#server #hacks #http #web #+