[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Savannah-hackers-public] "Stay in secure (https) mode after login"

From: Assaf Gordon
Subject: Re: [Savannah-hackers-public] "Stay in secure (https) mode after login"
Date: Wed, 15 Mar 2017 11:26:16 -0400


> On Mar 14, 2017, at 16:34, Leo Famulari <address@hidden> wrote:
>> The Savannah login page includes a checkbox that reads "Stay in secure
>> (https) mode after login".
>> [...]So I'm wondering, what does that checkbox do?


Indeed, forcing HTTPS on login-related pages is a recent improvements.

Thanks for taking the time to check the mailing and look for past discussions - 
much appreciated.

>> While logged in, I manually entered the HTTP URL and was still able to
>> access the administration interface for a group that I administer over
>> the unauthenticated connection.

There is an on-going discussion about forcing HTTPS everywhere on savannah.

Can you provide a specific example of a URL you can access in HTTP,
and it allows you to make changes (I don't doubt it's possible, just need a 
to ease testing).

 - assaf

reply via email to

[Prev in Thread] Current Thread [Next in Thread]