
http does not redirect to https #110

Open
garmeeh opened this issue Jan 14, 2022 · 3 comments

Comments


garmeeh commented Jan 14, 2022

Describe the bug
Hey, I just came across your site earlier. I clicked a link from twitter where someone tweeted and mentioned pay.party this resulted in me landing on http://pay.party and getting the Not Secure warning.

To Reproduce
Steps to reproduce the behavior:

  1. Go to 'http://pay.party'
  2. Notice it does not redirect to secure site

Expected behavior
It redirects to secure site

@wkarshat

An issue with the site, not the app.
Tip.Party appears to handle http redirect correctly, but where's its site repo?

Member

hmrtn commented Jan 18, 2022

https://pay.party and https://app.pay.party / https://dev.pay.party do have the correct certificates. This is an issue with the landing page redirects. Looking into it.

@nyedidikeke

> An issue with the site, not the app. Tip.Party appears to handle http redirect correctly, but where's its site repo?
>
> https://pay.party and https://app.pay.party / https://dev.pay.party do have the correct certificates. This is an issue with the landing page redirects. Looking into it.

@wkarshat @hmux The challenge is not with "the site" nor "the app". Nor is it about the correctness of the TLS certificates; it is about unencrypted data in transit, which makes users more susceptible to attacks.
I wouldn’t have the site available over both HTTP and HTTPS and then redirect HTTP to HTTPS. It would work, yes, but it is strongly discouraged.

An attacker resolved to launch a MITM attack on users could persuade them to visit your site over plain HTTP. The attacker may fake your site and acquire sensitive data from your users, or proxy to the legitimate HTTPS version of your site and snoop all data, if traffic could be diverted (e.g. DNS poisoning).

Why not serve just one version of the site (HTTPS only), simply redirect incoming HTTP traffic to HTTPS, then enable HSTS to aid in the prevention of the scenario above?
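The policy argued for in this thread (plain HTTP answers only with a redirect to the HTTPS origin, and the HTTPS origin sets HSTS) can be checked mechanically against captured responses. The script below is an added example for this issue, not code from the pay.party project; the function names (`parse_hsts`, `evaluate_response`, `audit`), the one-year `MIN_HSTS_MAX_AGE` floor and the sample responses are all this example's own assumptions, constructed so it runs offline.

```python
"""Check the HTTP->HTTPS redirect and HSTS policy of captured responses.

Added illustration for the discussion in this issue; it is not code from
the pay.party project. Responses are constructed inline so the check runs
offline; the URLs in the samples are the ones mentioned in the thread.
"""
from urllib.parse import urlsplit

# One year is the commonly recommended HSTS max-age; using it as the
# floor here is this example's assumption, not a project setting.
MIN_HSTS_MAX_AGE = 31536000

# Status codes a browser follows as a redirect; 301/308 are preferable
# because they are cacheable, but 302/307 still move the user to HTTPS.
REDIRECT_STATUSES = {301, 302, 307, 308}


def parse_hsts(value):
    """Parse a Strict-Transport-Security header value into a dict.

    Directive names are case-insensitive (RFC 6797); unknown directives
    are kept so callers can inspect them. Returns None when max-age is
    missing or not a non-negative integer, which makes the header invalid.
    """
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, val = part.partition("=")
        directives[name.strip().lower()] = val.strip().strip('"')
    max_age = directives.get("max-age")
    if max_age is None or not max_age.isdigit():
        return None
    directives["max-age"] = int(max_age)
    return directives


def evaluate_response(requested_url, status, headers):
    """Return a list of findings for one response to `requested_url`.

    `headers` is a plain dict; lookup is case-insensitive. An empty list
    means the response matches the policy: an http:// request must be
    redirected to the same host over https, and an https:// response
    must carry a well-formed HSTS header with an adequate max-age.
    """
    h = {k.lower(): v for k, v in headers.items()}
    parts = urlsplit(requested_url)
    scheme, host = parts.scheme.lower(), parts.hostname
    findings = []

    if scheme == "http":
        if status not in REDIRECT_STATUSES:
            findings.append(f"http://{host} answered {status} instead of redirecting to HTTPS")
            return findings
        location = h.get("location", "")
        target = urlsplit(location)
        if target.scheme.lower() != "https":
            findings.append(f"redirect Location is not https: {location!r}")
        elif target.hostname != host:
            # The browser only records HSTS from the host's own HTTPS
            # response, so redirecting elsewhere leaves this host unprotected.
            findings.append(f"redirect changes host to {target.hostname!r}; HSTS for {host!r} will never be set")
        return findings

    if scheme == "https":
        hsts = h.get("strict-transport-security")
        if hsts is None:
            findings.append("HTTPS response has no Strict-Transport-Security header")
            return findings
        parsed = parse_hsts(hsts)
        if parsed is None:
            findings.append(f"malformed HSTS header: {hsts!r}")
        elif parsed["max-age"] < MIN_HSTS_MAX_AGE:
            findings.append(f"HSTS max-age {parsed['max-age']} is below {MIN_HSTS_MAX_AGE}")
        return findings

    findings.append(f"unsupported scheme in {requested_url!r}")
    return findings


# Constructed samples: the landing page as reported in this issue (plain
# HTTP served directly, no redirect) beside the configuration the thread
# asks for. These are not captures from the live site.
SAMPLE_RESPONSES = {
    "reported": ("http://pay.party", 200, {"Content-Type": "text/html"}),
    "fixed_http": ("http://pay.party", 301, {"Location": "https://pay.party/"}),
    "fixed_https": ("https://pay.party", 200,
                    {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"}),
}


def audit(samples=SAMPLE_RESPONSES):
    """Evaluate every sample and map its name to the list of findings."""
    return {name: evaluate_response(*resp) for name, resp in samples.items()}


if __name__ == "__main__":
    for name, findings in audit().items():
        print(name, "->", findings or "ok")
```

To run it against a real host, capture one response to the http:// URL with redirects disabled and one to the https:// URL, then feed status and headers into `evaluate_response`; the same-host check matters because HSTS is recorded per host, so a landing page that redirects straight to a different subdomain never gets the header for itself.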
