HTTPS Best Practices Section

bengreeley commented 6 years ago

I created a PR to add HTTPS to the systems best practices page. Since internally we strive for all of our sites to be HTTPS, it makes sense that this should be added to our best practice documents. There's much more information that could be added here, but my initial goals were

1) To have HTTPS be included in the best practices to point engineers to the appropriate section with an explanation of why it's considered a best practice 2) To talk about some best practices when implementing HTTPS.

https://github.com/10up/Engineering-Best-Practices/tree/feature/https

The addition of this section also could introduce the opportunity to highlight the following:

Best practices from a systems perspective when implementing HTTPS (if any). We touch on this in an earlier section on NGINX, so it may be a bit redundant. @tott @TheLastCicada curious of your thoughts here.
It would be great to link to a 10up plugin for checking insecure content. I know our Insecure Content Warning plugin is currently private, but this would be a great opportunity to add that as a best practice.

tlovett1 commented 6 years ago

@bengreeley can you open the PR?

bengreeley commented 6 years ago

@tlovett1 You've got it: https://github.com/10up/Engineering-Best-Practices/pull/264

10up / Engineering-Best-Practices

HTTPS Best Practices Section #253