Open ghost opened 6 years ago
HTTPS is not required to sign in via OAuth. I've just tested it and had no warnings or issues. The website indeed does not have a proper certificate. I am planning to add it when I rewrite the server configuration in Ansible. But for now it would be too messy.
Oh okay. My best guess for my situation is: my HTTPS Everywhere is forcing OpenStreetMap to switch to HTTPS, and OpenStreetMap over HTTPS then forces the callback URL to be HTTPS too.
Would be cool to have HTTPS :) Nowadays it tends to confuse some users if there's no HTTPS connection, even if it is not strictly necessary in this case.
Was this fixed by #52?
Nope, not yet.
HTTPS is necessary to log in to OSM with OAuth, logging in fails as of now.
Am I being man-in-the-middled or are you not providing a valid cert?