2020-07-20 UTC
# [dmitshur] for me, I have limited time/resources, and ensuring security of the authentication I implement is one of top priorities for me. it's already hard to implement IndieAuth (over HTTPS), I didn't want to make it even harder for me by also supporting HTTP and trying to ensure doing so doesn't compromise security. and I just don't see any benefits to supporting HTTP in 2020 given the abundance of free tools like lets encrypt, mkcert, etc.