🔒 Website needs HTTPS support #307

tantek · 2017-03-29T19:40:53Z

Apologies if this is already on someone's to-do list somewhere.

Just noticed today when signing-in and liking some proposals, that opensourcebridge.org (and all the JS served from it) is HTTP-only (no HTTPS).

Besides all the usual reasons (see https://indieweb.org/HTTPS#Why) since the site has logins (even if OpenID / IndieAuth), it needs to support HTTPS to mitigate the Firesheep vuln.

Hopefully https://indieweb.org/HTTPS#How_to (in particular the LetsEncrypt pointers) can be helpful here.

Thanks for your consideration!

(full disclosure I too need to add proper HTTPS support to my own site, beyond the self-signed cert I'm using)

reidab · 2017-05-31T02:12:34Z

As we figure this out, we should coordinate with @ChrisFreeman to get the volunteer app secured.

reidab modified the milestone: Open Source Bridge 2017 Apr 16, 2017

reidab changed the title ~~Website needs HTTPS support~~ 🔒 Website needs HTTPS support Apr 17, 2017

shawnacscott mentioned this issue Apr 17, 2017

Suggestions for 2017 #292

Closed

1 task

reidab added the technology label Apr 17, 2017

gabelula assigned gabelula and 0xBEEB and unassigned gabelula Apr 30, 2017

gabelula assigned gabelula and unassigned 0xBEEB Jan 24, 2018

gabelula modified the milestones: OSB 2017: Pre-Conference, OSB 2018: Pre-Conference Jan 24, 2018

gabelula added the website label Jan 24, 2018

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

🔒 Website needs HTTPS support #307

🔒 Website needs HTTPS support #307

tantek commented Mar 29, 2017 •

edited

Loading

reidab commented May 31, 2017

🔒 Website needs HTTPS support #307

🔒 Website needs HTTPS support #307

Comments

tantek commented Mar 29, 2017 • edited Loading

reidab commented May 31, 2017

tantek commented Mar 29, 2017 •

edited

Loading