ba6a8936f4
This check was broken: it tried to construct a http URL by changing the updateBaseUrl schema instead of constructing such a URL based on the configured HTTPPort. I also don’t think this check is useful: HTTPS will be used for updates regardless of the check. Even if an attacker intercepted HTTP traffic and removed the redirect, that has no bearing on the update, so why bother checking. One thing the check (implicitly) did is the required fallback on initial installation when --insecure is specified. We now solve that by falling back from HTTPS to HTTP explicitly (only when --insecure is specified, of course). related to https://github.com/gokrazy/tools/pull/94
9.9 KiB
9.9 KiB