It is a serious risk. Don't do it! Use HTTPS 👍 If your infra is on AWS, Certificate Manager does it in a few clicks. Same with Netlify for static sites. For everything else, @letsencrypt or zerossl.com
Everything that the user's browser touches has to be HTTPS.
This document talks about the details of several related attacks if you're interested tools.ietf.org/html/draft-ie…
Jul 29, 2019 · 3:41 PM UTC
1