Reply to post: Re: Are they keeping HTTP(s)?

Official: Google Chrome 69 kills off the World Wide Web (in URLs)

Crypto Monad

Re: Are they keeping HTTP(s)?

> I'm sure http://www.<mydomain> and http://<mydomain> are technically different - I recall cases where one would work and not the other though please someone feel free to explain why?

1. In the DNS, "www.example.com" and "example.com" are two different names. They can point to two different IP addresses - that is, the user would end up connecting to two completely different servers. Or: one name might have an IP address and the other does not, in which case trying to use the other name would give a DNS error.

2. Even if both names point to the same IP address, the web browser sends a "Host" header containing the hostname part of the URL. The web server may respond with different content depending on which host was requested. It might not be configured with one of the names and return a page not found error instead.

(A fairly common example where you want different content is when "www.example.com" is the real site, and "example.com" just returns a redirect to the real site)

3. For HTTPS sites, the certificate might have been issued to "www.example.com" only. This would mean that a request to https://example.com/ would be flagged as insecure, because the certificate name doesn't match.

You can have a certificate which contains two subjectAlternativeNames - or you can have two different certificates and use Server Name Indication to select which one to use. But not everyone remembers to do this.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019