[OSM-dev] Usage of the standard dev server

Tom Hughes tom at compton.nu
Thu Feb 4 14:43:24 UTC 2016


On 03/02/16 21:51, markus schnalke wrote:

>> Adding https is also a bit tricky at the moment I think, but should be
>> possible if/when we switch to letsencrypt.
>
> That would be great and important, because HTTP Basic Authentication
> should not be done unencrypted. In developing an editor, one would want
> to ensure that the API is always called via HTTPS, if HTTP Basic Auth is
> to be used. Testing such an editor is thus not possible with the testing
> API.

If you're developing a new editor you should be using OAuth not HTTP 
basic auth.

Tom

-- 
Tom Hughes (tom at compton.nu)
http://compton.nu/



More information about the dev mailing list