search

inch-ci / inch_ci-web

Web frontend for Inch CI
http://inch-ci.org/
MIT License
139 stars 20 forks source link

HTTPS issues #105

Open rugk opened 9 years ago

rugk commented 9 years ago

Continues https://github.com/inch-ci/inch_ci-web/issues/39

I saw you support HTTPS when I looked at your site and created a ruleset for HTTPS everywhere. However your server config currently is pretty bad and you are even attackable by Poodle (bec. of SSLv3). Additionally you may want to redirect your users automatically to the HTTPS version, because this would protect their session cookies. Another thing which you may consider is adding www as an additional subdomain in your cert, so visitors who may be (accidentally) visit www.inch-ci.org do not get connection errors.

Additionally you may want to consider adding HTTPS support to http://trivelop.de/ too.

[ad] :wink: Besides this I see that your cert seems to expire soon. You may want to try out Let's Encrypt - a free automated CA.

fuglede commented 9 years ago

As another minor point, this page serves some inactive mixed content.

rrrene commented 9 years ago

Will have a look at Let's Encrypt when the public beta starts!

@fuglede Mixed-content warning should be fixed.

rugk commented 9 years ago

:+1: Nice. :smile: