[openstreetmap/openstreetmap-website] Use https for links in e-mail notifications (#1341)

Tom Hughes notifications at github.com
Wed Oct 26 15:38:57 UTC 2016


Yes our dev servers are a case in point, but the simple answer is that we have no idea who is using the code and in what configurations.

I also fail to see how you can MITM a link to a user from a friend message - it's a public link that anybody can visit! The links which matter are the ones that will automatically log you in, which is the signup confirmation and the password reset link and possibly the email change but I would need to check that.

I am not going to allow this PR to be used to pursue "https by default" by the backdoor. If you want to argue for that then it is a separate discussion and it's not a decision I'm going to make by myself as the primary maintainer of the code - it's a policy issue not a codign issue.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/1341#issuecomment-256385906
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20161026/d853ae24/attachment.html>


More information about the rails-dev mailing list