Opened 11 years ago

Closed 11 years ago

Last modified 10 years ago

#785 closed enhancement (fixed)

Avoid non-https logins

Reported by: anongoblin Owned by:
Priority: major Milestone:
Component: infrastructure Keywords:
Cc: Parent Tickets:

Description

It would be cool if this trac instance didn't permit non-https access, especially when people are entering login credentials. People shouldn't be reusing credentials between sites, but some people do anyway.

It might be worth deferring this until you have an SSL certificate signed by a CA that normal browsers will recognize.

Change History (3)

comment:1 by Simon Fondrie-Teitler, 11 years ago

Owner: set to Simon Fondrie-Teitler
Status: newin_progress

comment:2 by Simon Fondrie-Teitler, 11 years ago

http://issues.mediagoblin.org now redirects to https://. I'm working on getting wiki.mediagoblin.org fixed. Right now it's loading load.php files over http.

comment:3 by Simon Fondrie-Teitler, 11 years ago

Owner: Simon Fondrie-Teitler removed
Resolution: fixed
Status: in_progressclosed

wiki.mediagoblin.org also works over https now, and requests to the http version will redirect to the https correctly. Right now mediawiki is doing the redirects, since I told it the base url for the site is https://wiki.mediagoblin.org. I think we may have too old of a version of mediawiki.

Thanks to anongoblin for reporting this and pushing me to fix it, and to cwebber for getting the certs setup!

Note: See TracTickets for help on using tickets.