eclipse-archived / ceylon-herd

The Ceylon repository web application
Apache License 2.0

HTTPS-only Herd #238

Closed lucaswerkmeister closed 8 years ago

lucaswerkmeister commented 8 years ago

The Herd should be available exclusively over HTTPS. This means:

Aside from all security concerns, there’s a very practical reason to do this too: Currently, each time you visit the HTTP version, your session is killed and you’re logged out, which is very annoying, since most Herd links are currently HTTP links. When browsers always rewrite links to HTTPS, this is no longer a problem.

jvasileff commented 8 years ago

:+1:

HTTPS is important for software distribution sites (especially ones as easy to use as Herd) to help ward off man-in-the-middle attacks.

quintesse commented 8 years ago

I think nowadays it's a given that all sites should be using HTTPS, even if they only contain information. (And especially if a login is available somewhere.) Look at Wikipedia, for example: it immediately redirects to the HTTPS versions as well.

FroMage commented 8 years ago

As long as existing tools point to HTTP we have to redirect, but you can't use Herd without HTTPS ATM, so closing this as good enough.

I've added the extra header to Apache.