Yeah if they had HSTS this obviously still wouldn't be optimimal config but it'd mitigate many of the privacy and security risks.
This should obviously also be combined with a standard 304 redirect.
Discussion
Im surprised http doesnt redirect to https as it's s not too hard to setup (though I use Traefik). Been meaning to figure out hsts myself sometime.
It would normally redirect in a browser, but since it is pasted in a note, and we are seeing you the link without https, it is saved in the note and still accessible.. nostr:npub137c5pd8gmhhe0njtsgwjgunc5xjr2vmzvglkgqs5sjeh972gqqxqjak37w made some major updates to the upload API, will fix soon..
