pangolp
commented
2 years ago @Zanthed Any ideas on how to solve this?
Closed ghost closed 11 months ago
pangolp
commented
2 years ago @Zanthed Any ideas on how to solve this?
Kitzunu
commented
11 months ago Outdated
Some websites still don't do HSTS Preloading and clients can still be put at risk from downgrade attacks and MITMs. Instead of relying on the TLS client/browser to upgrade to HTTPS, define its usage already. Besides, every website just about now includes HTTPS on every link they put. (Browsers will usually warn on HTTP links anyways so should always just add the HTTPS link)
Areas on the wiki that only use HTTP are on the Windows Requirements page, and the Gemfiles downloading gems. However, I have not thoroughly looked for any more.
Docker Compose, without specifying a protocol, will try to open UDP and TCP. For sake of security and less need to open ports that have the potential to be already in use and error out Docker, define both the live reload and the wiki ports as TCP.