They actually left the original Space Jam site up. I think the developers knew i...

slyall · 2025-05-15T06:49:03 1747291743

They managed to break https://www.spacejam.com/ though. It redirects to https://www.spacejamanewlegacy.net/ which has a bad cert and then goes into a redirect loop.

So broken after just 4 years

genewitch · 2025-05-15T06:52:03 1747291923

Hey give Disney a break they're a small company with only a few employees. Maybe tbe certifier is on vacation.

backspace_ · 2025-05-15T11:59:08 1747310348

Looney toons is a Warner Brothers property, not Disney.

genewitch · 2025-05-15T18:36:29 1747334189

I wasn't thinking. you are of course correct. My brain conflated because both are based in burbank. yeah, that's what i am going with.

Thorrez · 2025-05-15T10:55:50 1747306550

Hmm, I didn't get a redirect https://www.spacejamanewlegacy.net/

a57721 · 2025-05-15T14:06:41 1747318001

http://www.spacejamanewlegacy.net/ responds with "HTTP 301, Location: https://www.spacejam.com/"

Thorrez · 2025-05-16T05:45:10 1747374310

Sorry, my previous comment omitted a word. I meant to say "I didn't get a redirect to https://www.spacejamanewlegacy.net/ ".

slyall claimed to be redirected to https://www.spacejamanewlegacy.net/ .

shakna · 2025-05-15T11:27:11 1747308431

I got the loop in both desktop Chrome and Firefox, as well as Android Chrome, Brave and Firefox (though these timed out after a few loops, unlike the desktop).

Were you maybe on Safari/iOS?

Thorrez · 2025-05-16T05:46:57 1747374417

I visited https://www.spacejam.com/ with Chrome on Windows, Firefox on Windows, and Chrome on Android. It didn't redirect for any of them.

shakna · 2025-05-16T10:54:32 1747392872

The loop most definitely exists. It's rather odd you're not seeing it. Everything I can use to talk to the server gets the 301/302 redirects.

Using yet another machine and curl:

    curl -vvv --insecure https://spacejam.com
     < HTTP/2 301 
     < date: Fri, 16 May 2025 10:45:08 GMT
     < content-type: text/html; charset=iso-8859-1
     < content-length: 233
     < location: https://www.spacejam.com/
     < server: nginx
     < cache-control: max-age=600
     < expires: Fri, 16 May 2025 10:51:34 GMT
     < 
     <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
     <html><head>
     <title>301 Moved Permanently</title>
     </head><body>
     <h1>Moved Permanently</h1>
     <p>The document has moved <a href="https://www.spacejam.com/">here</a>.</p>
     </body></html>
     ...
     \* Connection #0 to host www.spacejamanewlegacy.net left intact

    curl -vvv --insecure www.spacejamanewlegacy.net
     < HTTP/1.1 302 Found
     < Date: Fri, 16 May 2025 10:46:53 GMT
     < Server: Apache/2.4.62 () OpenSSL/1.0.2k-fips
     < X-Powered-By: PHP/8.0.30
     < Strict-Transport-Security: max-age=15768000
     < Upgrade: h2,h2c
     < Connection: Upgrade
     < Location: https://www.spacejamanewlegacy.net/
     < Transfer-Encoding: chunked
     < Content-Type: text/html; charset=UTF-8
     \* Connection #0 to host www.spacejam.com left intact

Thorrez · 2025-05-17T06:08:24 1747462104

Your request to https://spacejam.com is redirected to https://www.spacejam.com/ .

Your request to http://www.spacejamanewlegacy.net is redirected to https://www.spacejamanewlegacy.net/ .

You never tried making a request to https://www.spacejam.com/ .

Go to https://reqbin.com/ and enter https://spacejam.com . It gives 1 redirect (to https://www.spacejam.com/ ) then HTML.

shakna · 2025-05-17T22:58:44 1747522724

I think you missed which servers are connected at the end of which request, there.

Reqbin receives an upgrade request to HTTP2, that it never follows.

Thorrez · 2025-05-21T07:39:38 1747813178

The curl output you post confuses me. Can you post the full output? The output you posted didn't show a redirect loop. But since you cut out content, maybe there was a redirect loop that I can't see.

Here's my full curl output. No redirect loop:

    curl -vvv --insecure https://spacejam.com
    * Rebuilt URL to: https://spacejam.com/
    *   Trying 75.2.104.223...
    * TCP_NODELAY set
    * Connected to spacejam.com (75.2.104.223) port 443 (#0)
    * ALPN, offering h2
    * ALPN, offering http/1.1
    * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
    * successfully set certificate verify locations:
    *   CAfile: /etc/ssl/certs/ca-certificates.crt
      CApath: /etc/ssl/certs
    * TLSv1.2 (OUT), TLS header, Certificate Status (22):
    * TLSv1.2 (OUT), TLS handshake, Client hello (1):
    * TLSv1.2 (IN), TLS handshake, Server hello (2):
    * TLSv1.2 (IN), TLS handshake, Certificate (11):
    * TLSv1.2 (IN), TLS handshake, Server key exchange (12):
    * TLSv1.2 (IN), TLS handshake, Server finished (14):
    * TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
    * TLSv1.2 (OUT), TLS change cipher, Client hello (1):
    * TLSv1.2 (OUT), TLS handshake, Finished (20):
    * TLSv1.2 (IN), TLS change cipher, Client hello (1):
    * TLSv1.2 (IN), TLS handshake, Finished (20):
    * SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
    * ALPN, server accepted to use http/1.1
    * Server certificate:
    *  subject: C=US; ST=California; L=Burbank; O=WARNER BROS. ENTERTAINMENT INC.; CN=www.spacejam.com
    *  start date: Jul 15 15:36:27 2024 GMT
    *  expire date: Aug 16 15:36:26 2025 GMT
    *  issuer: C=BE; O=GlobalSign nv-sa; CN=GlobalSign RSA OV SSL CA 2018
    *  SSL certificate verify ok.
    > GET / HTTP/1.1
    > Host: spacejam.com
    > User-Agent: curl/7.52.1
    > Accept: */*
    >
    < HTTP/1.1 302 Found
    < Date: Wed, 21 May 2025 07:29:29 GMT
    < Server: Apache/2.4.62 () OpenSSL/1.0.2k-fips
    < X-Powered-By: PHP/8.0.30
    < Strict-Transport-Security: max-age=15768000
    < Upgrade: h2,h2c
    < Connection: Upgrade
    < Location: https://www.spacejam.com/
    < Content-Length: 0
    < Content-Type: text/html; charset=UTF-8
    <
    * Curl_http_done: called premature == 0
    * Connection #0 to host spacejam.com left intact


    curl -vvv --insecure https://www.spacejam.com
    * Rebuilt URL to: https://www.spacejam.com/
    *   Trying 52.87.20.172...
    * TCP_NODELAY set
    * Connected to www.spacejam.com (52.87.20.172) port 443 (#0)
    * ALPN, offering h2
    * ALPN, offering http/1.1
    * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
    * successfully set certificate verify locations:
    *   CAfile: /etc/ssl/certs/ca-certificates.crt
      CApath: /etc/ssl/certs
    * TLSv1.2 (OUT), TLS header, Certificate Status (22):
    * TLSv1.2 (OUT), TLS handshake, Client hello (1):
    * TLSv1.2 (IN), TLS handshake, Server hello (2):
    * TLSv1.2 (IN), TLS handshake, Certificate (11):
    * TLSv1.2 (IN), TLS handshake, Server key exchange (12):
    * TLSv1.2 (IN), TLS handshake, Server finished (14):
    * TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
    * TLSv1.2 (OUT), TLS change cipher, Client hello (1):
    * TLSv1.2 (OUT), TLS handshake, Finished (20):
    * TLSv1.2 (IN), TLS change cipher, Client hello (1):
    * TLSv1.2 (IN), TLS handshake, Finished (20):
    * SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
    * ALPN, server accepted to use http/1.1
    * Server certificate:
    *  subject: C=US; ST=California; L=Burbank; O=WARNER BROS. ENTERTAINMENT INC.; CN=www.spacejam.com
    *  start date: Jul 15 15:36:27 2024 GMT
    *  expire date: Aug 16 15:36:26 2025 GMT
    *  issuer: C=BE; O=GlobalSign nv-sa; CN=GlobalSign RSA OV SSL CA 2018
    *  SSL certificate verify ok.
    > GET / HTTP/1.1
    > Host: www.spacejam.com
    > User-Agent: curl/7.52.1
    > Accept: */*
    >
    < HTTP/1.1 200 OK
    < Date: Wed, 21 May 2025 07:30:35 GMT
    < Server: Apache/2.4.62 () OpenSSL/1.0.2k-fips
    < X-Powered-By: PHP/8.0.30
    < Strict-Transport-Security: max-age=15768000
    < Upgrade: h2,h2c
    < Connection: Upgrade
    < Vary: Accept-Encoding
    < Transfer-Encoding: chunked
    < Content-Type: text/html; charset=UTF-8
    <
    <!doctype html>
    <html lang="en">
    <head>
            <meta charset="utf-8">
            <meta http-equiv="X-UA-Compatible" content="IE=edge">
            <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no">
            <title>
                    Space Jam: A New Legacy | Official Site </title>
    ...
    </body>
    * Curl_http_done: called premature == 0
    * Connection #0 to host www.spacejam.com left intact
    </html>


    curl -vvv --insecure www.spacejamanewlegacy.net
    * Rebuilt URL to: www.spacejamanewlegacy.net/
    *   Trying 52.11.38.202...
    * TCP_NODELAY set
    * Connected to www.spacejamanewlegacy.net (52.11.38.202) port 80 (#0)
    > GET / HTTP/1.1
    > Host: www.spacejamanewlegacy.net
    > User-Agent: curl/7.52.1
    > Accept: */*
    >
    < HTTP/1.1 301 Moved Permanently
    < Date: Wed, 21 May 2025 07:32:05 GMT
    < Content-Type: text/html; charset=iso-8859-1
    < Content-Length: 233
    < Connection: keep-alive
    < Server: nginx
    < Location: https://www.spacejam.com/
    < Cache-Control: max-age=600
    < Expires: Wed, 21 May 2025 07:37:50 GMT
    <
    <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
    <html><head>
    <title>301 Moved Permanently</title>
    </head><body>
    <h1>Moved Permanently</h1>
    <p>The document has moved <a href="https://www.spacejam.com/">here</a>.</p>
    </body></html>
    * Curl_http_done: called premature == 0
    * Connection #0 to host www.spacejamanewlegacy.net left intact

>Reqbin receives an upgrade request to HTTP2, that it never follows.

You mean Reqbin receives a response with an Upgrade: h2,h2c header? That's not exactly a request to upgrade. That's the server advertising that it supports those protocols for upgrading. The client is free to ignore them. Also, h2 is actually an invalid upgrade protocol, not listed in the standard:

https://www.iana.org/assignments/http-upgrade-tokens/http-up...

https://stackoverflow.com/questions/67583138/why-does-the-ht...

According to that SO post, Apache advertises Upgrade: h2, h2c in its responses, but if the client attempts to upgrade to h2, Apache ignores it. So I believe Reqbin is doing the correct thing in not upgrading to h2. As for upgrading to h2c, that also wouldn't be possible, because that header was sent in response to an https:// request, but h2c only makes sense when upgrading from an http:// request.

dag11 · 2025-05-15T05:29:44 1747286984

Oh man I forgot all about <frameset> and <frame> tags to create navigation. From the early days before we had dynamic sites or static site generators with templates, we had our browsers do our "templating" for us!

dowager_dan99 · 2025-05-15T18:22:59 1747333379

frameset was THE basis for building manual-style resources back in the day!

* nav header; search (if you could figure out how to make it work)

* Table of contents

* main content pane

fun times!

yawnxyz · 2025-05-15T06:44:01 1747291441

I love how the new Space Jam website is ALSO in the 90's style! https://www.spacejam.com/2021/

silisili · 2025-05-15T05:15:17 1747286117

Nice! Never knew that. I wish more companies with popular sites did this. I'm sure it cost them about no money nor time to just shovel it off like this.

Lammy · 2025-05-15T05:24:04 1747286644

>look inside

>Google Analytics

reddalo · 2025-05-15T06:27:45 1747290465

They moved everything under /1996 when the new movie came out, and while doing so they broke some pages.