[openstreetmap-website] Website should redirect HTTP connections to HTTPS (#833)

SomeoneElseOSM notifications at github.com
Sat Nov 15 00:44:46 UTC 2014

I'm a user who's regularly either (a) behind an ISP that cocks up https routing or (b) using a phone in the middle of nowhere where you just possibly _might_ get a signal.  To require (or make it difficult for a normal user to opt out of) https access seem to be a retrograde step for me.  

I'm fully aware of the trade-off that http vs https access implies (and in the case of mobile access, the information that's shared with the network, the OS provider and app providers, independently of the protocol used to access a particular website).  

To say that this means that there is a "lack of privacy/security concerns people in here have for their users" seems like a "nanny knows best" argument not really grounded in the real world.  The way that OSM handles things currently (switch to https if you've initially connected via http at the point that you log in) seems like the best solution to me.  For me it's not broken; no need to fix.

Reply to this email directly or view it on GitHub:
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20141114/69d8fe86/attachment.html>

More information about the rails-dev mailing list