Support of HTTPS - Githubissues

c2corg / v6_ui

UI for c2c.org v6

GNU Affero General Public License v3.0

7 stars 12 forks source link

Support of HTTPS #842

Closed asaunier closed 7 years ago

asaunier commented 7 years ago

The demo is now available with HTTPS: https://www.demov6.camptocamp.org/

Please report here the HTTPS-related issues:

[x] the API URL should use HTTPS as well (else the feed and other API requests fail) => config
[x] images should be loaded with HTTPS as well => config
[x] links to the forum should use HTTPS => config
[x] the ad banner should use HTTPS => probably some config to fix in the ad server

According to @mfournier

I suggest to enable HSTS then, which will force (modern) browsers to switch to https.

asaunier commented 7 years ago

I have made the change in the adserver + made changes in the UI and API demo configs (not tested!). @arnaud-morvan looks good to you?

asaunier commented 7 years ago

We have to make sure that

https://github.com/c2corg/v6_ui/pull/844#issuecomment-258438908

The urls are generated with route_url. But we will have to test if this works correctly.

works as expected.

stef74 commented 7 years ago

We can probably also use HTTP2 ...

stef74 commented 7 years ago

Warning with HSTS need to have full validate certificate (for none production instance also), exception cannot be possible in browser

asaunier commented 7 years ago

I have merged both PRs because anyway we have no other way to test if they do the job then to do it in the beta demo (no other instance available with https) and we cannot wait for the golive to test it.

For route_url I am quite confident because anyway I think we have replaced them by route_path that creates relative URLs.

stef74 commented 7 years ago

@asaunier close and add task to force HTTPS in trello ?

asaunier commented 7 years ago

No idea if this part should be done during golive. @mfournier what do you think?