Defect #20556
Redirect to HTTPS
| Status: | New | Start date: | ||
|---|---|---|---|---|
| Priority: | Normal | Due date: | ||
| Assignee: |  Jean-Philippe Lang | % Done: | 0% | |
| Category: | Website (redmine.org) | |||
| Target version: | - | |||
| Resolution: | Affected version: |
Description
http://www.redmine.org/account/register and other sensitive pages should (IMHO) redirect to HTTPS when passwords are involved. Even better would be to redirect all traffic, since session cookies are involved and impersonation is trivial if you are in the right/wrong position/place.
Adding as a defect since HTTPS is configured on the server.
Related issues
History
#2
Updated by Fernando Hartmann over 2 years ago
+1
#3
Updated by Toshi MARUYAMA over 2 years ago
- Related to Feature #25764: Redmine site shoud send emails with HTTPS links added
#4
Updated by Fernando Hartmann about 1 year ago
It become more important, because now Chrome is showing HTTP sites as Not Secure