kubernetes-sigs / lwkd

Last Week in Kubernetes Development
https://lwkd.info/
Creative Commons Attribution 4.0 International

News Item: enforce https on this repo to enable http to https redirect #292

Closed boredabdel closed 3 months ago

boredabdel commented 5 months ago

Your Item for LWKD

While checking the GitHub Pages serving lwkd.info, I realised the http to https redirect is not enabled. You can still visit http://lwkd.info and it will work without https.

You can enforce https in the settings part of this repo and GitHub will automatically redirect from http to https: https://docs.github.com/en/pages/getting-started-with-github-pages/securing-your-github-pages-site-with-https

jberkus commented 5 months ago

We can obviously do this. Should we, though?

@coderanger @sreeram-venkitesh @fykaa @mfahlandt ?

LWKD has zero interactive components, so we're not protecting anyone's security by disabling HTTP. Thoughts?

boredabdel commented 5 months ago

These are all valid points. I have a few reasons as to why https should be the default

mfahlandt commented 5 months ago

I think it would make sense to do it.

One reason would be that https is becoming more or less an industry standard. Websites with http are ranked lower by Google (Google Search Central Blog, 2014).

Also, as paranoid Europeans, we don't trust websites that are not https, given the browser integrations. I don't know if the Kubernetes project receives any support from the EU via the CNCF, but basically there is a law that all websites of EU-funded projects need to use https.

Also, we don't lose anything.

So a +1 from me for this issue

sreeram-venkitesh commented 5 months ago

+1 from me as well for enforcing https.

fykaa commented 5 months ago

Yes, considering the potential security warnings in modern browsers and the impact on Google rankings, it seems like a reasonable step to take! As for the concerns about the lack of interactive components in LWKD, I believe that adopting HTTPS is not just about protecting interactive components but also about overall web security and user trust, so +1

jberkus commented 3 months ago

Done, thanks.
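
A check for the redirect this issue asks for, as an added example that is not part of the original thread or the LWKD project: it inspects the response head a client receives over plain http (for instance from `curl -sI http://lwkd.info/`) and reports why the redirect is missing or weak. The sample responses, the function names and the `www.` allowance are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample response heads (not captured from lwkd.info), in the
# form printed by `curl -sI http://<host>/`.
ENFORCED = "HTTP/1.1 301 Moved Permanently\r\nLocation: https://lwkd.info/\r\n\r\n"
NOT_ENFORCED = "HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=utf-8\r\n\r\n"
DOWNGRADE = "HTTP/1.1 301 Moved Permanently\r\nLocation: http://www.lwkd.info/\r\n\r\n"
OFF_HOST = "HTTP/1.1 302 Found\r\nLocation: https://example.invalid/\r\n\r\n"

REDIRECT_CODES = {301, 302, 307, 308}


def parse_head(raw):
    """Split a raw HTTP response head into (status_code, lowercase header dict)."""
    lines = raw.replace("\r\n", "\n").strip().split("\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return status, headers


def check_redirect(raw, host):
    """Return findings for the plain-http response of `host`; empty list means enforced."""
    status, headers = parse_head(raw)
    if status not in REDIRECT_CODES:
        return [f"status {status}: content is served over plain http, no redirect"]
    target = urlsplit(headers.get("location", ""))
    findings = []
    if target.scheme != "https":
        findings.append(f"redirect target uses scheme {target.scheme!r}, not https")
    # Assumption: the apex host and its www. alias both count as "the same site".
    if (target.hostname or "") not in (host, "www." + host):
        findings.append(f"redirect leaves {host} for {target.hostname!r}")
    if status in (302, 307):
        findings.append(f"status {status} is a temporary redirect, not cached by default")
    return findings


if __name__ == "__main__":
    for name, raw in [("enforced", ENFORCED), ("not enforced", NOT_ENFORCED),
                      ("downgrade", DOWNGRADE), ("off host", OFF_HOST)]:
        print(name, "->", check_redirect(raw, "lwkd.info") or "ok")
```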