https requests redirecting to http #443
Description
For example with curl below.
This is understandably breaking a bunch of apps but hopefully you're working on it. Opening this here for visibility/comms.
curl -iv https://unpkg.com/@alpinejs/[email protected]/dist/cdn.min.js
* Trying 104.17.245.203:443...
* Connected to unpkg.com (104.17.245.203) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.2 (OUT), TLS header, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
* subject: CN=unpkg.com
* start date: Mar 20 17:47:13 2025 GMT
* expire date: Jun 18 18:47:11 2025 GMT
* subjectAltName: host "unpkg.com" matched cert's "unpkg.com"
* issuer: C=US; O=Google Trust Services; CN=WE1
* SSL certificate verify ok.
* Using HTTP2, server supports multiplexing
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* Using Stream ID: 1 (easy handle 0x55ddbdddbeb0)
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
> GET /@alpinejs/[email protected]/dist/cdn.min.js HTTP/2
> Host: unpkg.com
> user-agent: curl/7.81.0
> accept: */*
>
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
< HTTP/2 302
HTTP/2 302
< date: Mon, 31 Mar 2025 06:57:33 GMT
date: Mon, 31 Mar 2025 06:57:33 GMT
< content-type: text/plain;charset=UTF-8
content-type: text/plain;charset=UTF-8
< location: http://unpkg.com/@alpinejs/[email protected]/dist/cdn.min.js
location: http://unpkg.com/@alpinejs/[email protected]/dist/cdn.min.js
< access-control-allow-origin: *
access-control-allow-origin: *
< cross-origin-resource-policy: cross-origin
cross-origin-resource-policy: cross-origin
< via: 1.1 fly.io, 1.1 fly.io
via: 1.1 fly.io, 1.1 fly.io
< fly-request-id: 01JQNEDXK6TQRM9RYSJ5MF2WTY-syd
fly-request-id: 01JQNEDXK6TQRM9RYSJ5MF2WTY-syd
< cf-cache-status: STALE
cf-cache-status: STALE
< age: 1458
age: 1458
< strict-transport-security: max-age=31536000; includeSubDomains; preload
strict-transport-security: max-age=31536000; includeSubDomains; preload
< x-content-type-options: nosniff
x-content-type-options: nosniff
< server: cloudflare
server: cloudflare
< cf-ray: 928df39048b7d718-BNE
cf-ray: 928df39048b7d718-BNE
< alt-svc: h3=":443"; ma=86400
alt-svc: h3=":443"; ma=86400
<
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* Connection #0 to host unpkg.com left intact
Redirecting to http://unpkg.com/@alpinejs/[email protected]/dist/cdn.min.js