search

Zverik / Level0

Web-based OpenStreetMap Editor
http://level0.osmz.ru
Do What The F*ck You Want To Public License
54 stars 14 forks source link

Misconfigured HTTPS #38

Open ghost opened 6 years ago

ghost commented 6 years ago

The owner of level0.osmz.ru has configured their website improperly.

  • The certificate is not trusted because it is self-signed.
  • The certificate expired on September 6, 2015, 9:49:00 AM GMT.

HTTPS is necessary to log in to OSM with OAuth, logging in fails as of now.

Am I being man-in-the-middled or are you not providing a valid cert?

Zverik commented 6 years ago

HTTPS is not required to sign in via OAuth. I've just tested it and had no warnings or issues. The website indeed does not have a proper certificate. I am planning to add it when I rewrite the server configuration in Ansible. But for now it would be too messy.

ghost commented 6 years ago

Oh okay. My best guess for my situation is: my HTTPS Everywhere is forcing OpenStreetMap to switch to HTTPS, and OpenStreetMap over HTTPS then forces the callback URL to be HTTPS too.

sebkur commented 4 years ago

Would be cool to have HTTPS :) Nowadays it tends to confuse some users if there's no HTTPS connection, even if it is not strictly necessary in this case.

waldyrious commented 3 years ago

Was this fixed by #52?

Zverik commented 3 years ago

Nope, not yet.