jaspervdm
commented
5 years ago We have enabled http payments in latest v2.0.0-beta.1, I will add a warning when it is being used instead of https
Closed IstoraMandiri closed 5 years ago
jaspervdm
commented
5 years ago We have enabled http payments in latest v2.0.0-beta.1, I will add a warning when it is being used instead of https
In the docs you mention that HTTP is disabled for security reasons, which makes sense for most users/situations, but there are other cases where you may want to send via HTTP anyway, such as sending slates between multiple clients on a local machine, on trusted network, via a VPN, etc.
Strictly enforcing HTTPS is burdensome for people who want to implement their own network layer security (or don't care because they're just testing).
I understand the need to enforce good defaults, but it seems overkill to completely disable it when there are legit reasons to use HTTP. Maybe enable it if a flag is passed?
https://github.com/mimblewimble/grin-wallet/issues/66