| ▲ | motorest 6 days ago | ||||||||||||||||
> This is whack as hell but doesn't seem to be the default? I don't think so. If you read about what Flexible SSL means, you are getting exactly what you are asking for. https://developers.cloudflare.com/ssl/origin-configuration/s... Here is a direct quote of the recommendation on how this feature was designed to be used: > Choose this option when you cannot set up an SSL certificate on your origin or your origin does not support SSL/TLS. Furthermore, Cloudflare's page on encryption modes provides this description of their flexible mode. > Flexible : Traffic from browsers to Cloudflare can be encrypted via HTTPS, but traffic from Cloudflare to the origin server is not. This mode is common for origins that do not support TLS, though upgrading the origin configuration is recommended whenever possible. So, people go out of their way to set an encryption mode that was designed to forward requests to origin servers that do not or cannot support HTTPS connections, and then are surprised those outbound connections to their origin servers are not HTTPS. | |||||||||||||||||
| ▲ | jrasm91 6 days ago | parent | next [-] | ||||||||||||||||
It was the default at the time so we had no idea this behavior would be applied to a fetch request in a worker. That combined with no other indication that it was happening made it a real PITA to debug. | |||||||||||||||||
| ▲ | maxbond 6 days ago | parent | prev [-] | ||||||||||||||||
I get that it's a compatibility workaround (I did look at the docs before posting) but it's a.) super dangerous and b.) apparently was surprising to the authors of this post. I'm gunnuh keep describing "communicate with your backend in plain text and get caught in infinite redirect loops mode" whack but reasonable people may disagree. I would like to know how this setting got enabled, however. And I don't think the document should describe it as a "default" if it isn't one. | |||||||||||||||||
| |||||||||||||||||