#785 closed enhancement (fixed)
Avoid non-https logins
| Reported by: | anongoblin | Owned by: | |
|---|---|---|---|
| Priority: | major | Milestone: | |
| Component: | infrastructure | Keywords: | |
| Cc: | Parent Tickets: |
Description
It would be cool if this trac instance didn't permit non-https access, especially when people are entering login credentials. People shouldn't be reusing credentials between sites, but some people do anyway.
It might be worth deferring this until you have an SSL certificate signed by a CA that normal browsers will recognize.
Change History (3)
comment:1 by , 11 years ago
| Owner: | set to |
|---|---|
| Status: | new → in_progress |
comment:2 by , 10 years ago
comment:3 by , 10 years ago
| Owner: | removed |
|---|---|
| Resolution: | → fixed |
| Status: | in_progress → closed |
wiki.mediagoblin.org also works over https now, and requests to the http version will redirect to the https correctly. Right now mediawiki is doing the redirects, since I told it the base url for the site is https://wiki.mediagoblin.org. I think we may have too old of a version of mediawiki.
Thanks to anongoblin for reporting this and pushing me to fix it, and to cwebber for getting the certs setup!
Note:
See TracTickets
for help on using tickets.
http://issues.mediagoblin.org now redirects to https://. I'm working on getting wiki.mediagoblin.org fixed. Right now it's loading load.php files over http.