
Cloudflare's Flexible SSL leaves your origin traffic unencrypted despite padlock


Cloudflare's Flexible SSL mode encrypts traffic only between visitors and Cloudflare, leaving the connection between Cloudflare and the origin server as plain HTTP. This means sensitive data such as session cookies and login credentials can be exposed in transit, even though browsers display the standard security padlock. The issue is widespread because the padlock gives users, developers, and security scanners a false sense of complete encryption. The recommended fix is to switch to Full (Strict) mode, which requires installing a valid certificate on the origin server — either via Let's Encrypt or Cloudflare's own Origin CA. Enabling the 'Always Use HTTPS' toggle in the Cloudflare dashboard is also advised to prevent downgrade attacks on the initial request.
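The check described above, as an added example that is not from the original article or from Cloudflare: it audits a zone's `ssl` and `always_use_https` settings through the Cloudflare v4 API and builds the PATCH request that switches the zone to Full (Strict). The environment variable names `CF_ZONE_ID` and `CF_API_TOKEN` are this example's own convention, and the sample responses are constructed.

```python
import json
import os
import urllib.request

API = "https://api.cloudflare.com/client/v4"
# Zone "ssl" setting value -> problem on the Cloudflare-to-origin leg (None = fine).
ORIGIN_LEG_PROBLEM = {
    "off": "no TLS at all",
    "flexible": "origin leg is plain HTTP behind the browser padlock",
    "full": "origin leg uses TLS but the origin certificate is not validated",
    "strict": None,
}

def setting_value(envelope):
    """Return result.value from a v4 API envelope; raise instead of guessing."""
    if not envelope.get("success") or "value" not in (envelope.get("result") or {}):
        raise ValueError(f"unusable API response: {envelope.get('errors')}")
    return envelope["result"]["value"]

def audit_zone(ssl_envelope, always_https_envelope):
    """Return a list of findings; an empty list means the zone matches the advice."""
    findings = []
    mode = setting_value(ssl_envelope)
    problem = ORIGIN_LEG_PROBLEM.get(mode, "unrecognised mode, review manually")
    if problem:
        findings.append(f"ssl={mode}: {problem}")
    if setting_value(always_https_envelope) != "on":
        findings.append("always_use_https=off: http:// requests are not redirected")
    return findings

def api_request(zone_id, name, token, new_value=None):
    """Build a GET (read) or PATCH (change) request for one zone setting."""
    body = None if new_value is None else json.dumps({"value": new_value}).encode()
    return urllib.request.Request(
        f"{API}/zones/{zone_id}/settings/{name}", data=body,
        method="GET" if body is None else "PATCH",
        headers={"Authorization": f"Bearer {token}", "Content-Type": "application/json"})

def fetch(zone_id, name, token):
    with urllib.request.urlopen(api_request(zone_id, name, token), timeout=10) as r:
        return json.load(r)

# Constructed sample responses (not captured from a real zone).
SAMPLE_SSL = {"success": True, "errors": [], "result": {"id": "ssl", "value": "flexible"}}
SAMPLE_HTTPS = {"success": True, "errors": [], "result": {"id": "always_use_https", "value": "off"}}

if __name__ == "__main__":
    zone, token = os.environ.get("CF_ZONE_ID"), os.environ.get("CF_API_TOKEN")
    live = bool(zone and token)  # env var names are this example's own convention
    ssl = fetch(zone, "ssl", token) if live else SAMPLE_SSL
    https = fetch(zone, "always_use_https", token) if live else SAMPLE_HTTPS
    for finding in audit_zone(ssl, https):
        print("FINDING:", finding)
```

Install the origin certificate before sending `api_request(zone, "ssl", token, "strict")`, since Full (Strict) rejects an origin without a valid certificate.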

Read the full story at DEV Community

This is an AI-generated summary. ShortSingh links to the original source for the complete article.

