
FunnyLookinHat, last Tuesday at 11:39 AM

Anyone else surprised that the download links are plain HTTP without SSL? I know it's a page that in the past I would have typically not worried about securing - but nowadays it's SSL everything or else your browser yells at you.


Replies

maxmcd, last Tuesday at 3:45 PM

Quite surprising. It does seem like you can get an https download with

    aws s3 cp --no-sign-request s3://download.opencontent.netflix.com/sparks/creative-commons-attribution-4-intl-public-license.txt .

Which is hitting the bucket path route at: https://s3.amazonaws.com/download.opencontent.netflix.com/sp...

"aws s3 ls" similarly requests: https://s3.amazonaws.com/download.opencontent.netflix.com?li...
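Why the path-style route matters for this bucket, as an added example that is not part of the original comment: a TLS wildcard name covers exactly one DNS label, so a bucket name containing dots cannot match `*.s3.amazonaws.com` when used as a virtual-hosted hostname. The SAN list below is an assumption for illustration, `example-bucket` is a constructed name, and the matcher is a simplified form of RFC 6125 matching.

```python
from urllib.parse import urlsplit

# Assumption: names the S3 endpoint certificate is taken to cover (illustrative).
ASSUMED_SANS = ["s3.amazonaws.com", "*.s3.amazonaws.com"]

# Bucket name and object key taken from the command in the comment above.
BUCKET = "download.opencontent.netflix.com"
KEY = "sparks/creative-commons-attribution-4-intl-public-license.txt"


def san_matches(pattern: str, host: str) -> bool:
    """True if one SAN pattern covers host; '*' stands for exactly one label."""
    p_labels = pattern.lower().split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard never absorbs extra dots
    if p_labels[0] == "*":
        return bool(h_labels[0]) and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def cert_covers(host: str, sans=ASSUMED_SANS) -> bool:
    """True if any SAN entry matches the hostname a client would verify."""
    return any(san_matches(s, host) for s in sans)


def https_urls(bucket: str, key: str) -> dict:
    """The two S3 addressing styles for the same object."""
    return {
        "path": f"https://s3.amazonaws.com/{bucket}/{key}",
        "virtual-hosted": f"https://{bucket}.s3.amazonaws.com/{key}",
    }


def check(bucket: str, key: str) -> dict:
    """Map each addressing style to whether hostname verification would pass."""
    return {
        style: cert_covers(urlsplit(url).hostname)
        for style, url in https_urls(bucket, key).items()
    }


if __name__ == "__main__":
    for name in (BUCKET, "example-bucket"):  # second name is constructed
        print(name, check(name, KEY))
```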

ronbenton, last Tuesday at 12:14 PM

Yeah, this is bad. The page almost seems like someone’s pet project that didn’t have any explicit funding and they got bored or left Netflix in 2020. I’m not sure how that would explain the lack of SSL cert except for just general lack of thoroughness.

uyzstvqs, last Tuesday at 12:32 PM

I'm surprised they didn't use BitTorrent, with these HTTP links as web seeds. That'd make the most sense.

mrtksn, last Tuesday at 11:51 AM

The page looks like zero effort given anyway, like one of the free templates you can find.

robingchan, last Tuesday at 12:25 PM

This is hosted on S3, which doesn't support HTTPS. That said, if they used CloudFront in front of this bucket, they could save $$$ and have SSL.
