We have a site that have redirection path like so:
Notice how it goes from http to http first (added a
/), then finally go to https
While ideally it should first go to HTTPS before adding a slash, it is what it is now. Moreover, user final destination is HTTPS so my thinking is it should be secure enough.
I would like to know if the above step would potentially raise any security concerns, and see if hardening is needed. Cheers!