[openstreetmap-website] Website should redirect HTTP connections to HTTPS (#833)

Donald Stufft notifications at github.com
Thu Nov 13 21:34:18 UTC 2014

Of course any mitm attacker can just strip the https from the login link so that end users get taken to the page over http :/

> On Nov 13, 2014, at 4:27 PM, danstowell <notifications at github.com> wrote:
> OK, but we don't need to carry the argument to extremes, to say that the suggestion is a bit too much for OSM (IMHO). Note that the login link automatically forces HTTP over to HTTPS, and then that continues by default (but isn't enforced), which seems appropriate to me.
>> Reply to this email directly or view it on GitHub.

Reply to this email directly or view it on GitHub:
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20141113/ba1c028b/attachment.html>

More information about the rails-dev mailing list