[openstreetmap/openstreetmap-website] Use https for links in e-mail notifications (#1341)
notifications at github.com
Wed Oct 26 15:21:12 UTC 2016
IMHO all links for registered/possible authenticated users should be https to make sure that they do not accidently use http and become a victim of a man-in-the-middle attack. Especially with openstreetmap I assume it is very common to use insecure wifi networks for example at conferences or in restaurants to contribute to it. Therefore it would be quite easy for attackers to read unencrypted traffic in these situations.
I do not know ruby on rails very good - does the notification code have access to the information about the request that triggered it so it can use the same protocol here?
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the rails-dev