On 2018-01-21 21:29, Tevfik Renan Dincer wrote:
I would also recommend Cloudflare approach (I work
there). Makes it
pretty convenient to enforce things like dns and caching. You can
actually have cloudflare talk to github over https using the “Full”
but not the “Full (strict)” setting. This makes sure there is TLS at
the origin connection but does not verify the certificates.
Forgive my ignorance, but is this something that is hidden from the
browser (ie. the browser only sees
buildyourowninter.net resources) or
does the browser have to explicitly request resources from cloudflare?
I am only asking in the context of this particular website; in general,
I know that cloudflare domain does leak into the set of resources needed
by the browser for many websites, and when that happens I stop using
that website :-( . I have to do that to keep my domain based
protections at all meaningful. (Currently that is uBlock Origin but it
applies equally to many other similar extensions.)
So I will vote strongly against any solution which has such
consequences. Again, this is just in the context of
buildyourowninter.net ; I don't want to start a flamewar about
cloudflare or cloud usage in general.
Thanks.
--
Please don't Cc: me privately on mailing lists and Usenet,
if you also post the followup to the list or newsgroup.
To reply privately _only_ on Usenet, fetch the TXT record for the domain.