Defect #20556

Redirect to HTTPS

Added by Dennis Olsson almost 5 years ago. Updated 6 months ago.

Status:ClosedStart date:
Priority:NormalDue date:
Assignee:Jean-Philippe Lang% Done:

0%

Category:Website (redmine.org)
Target version:-
Resolution:Fixed Affected version:

Description

http://www.redmine.org/account/register and other sensitive pages should (IMHO) redirect to HTTPS when passwords are involved. Even better would be to redirect all traffic, since session cookies are involved and impersonation is trivial if you are in the right/wrong position/place.

Adding as a defect since HTTPS is configured on the server.


Related issues

Related to Redmine - Feature #25764: Redmine site shoud send emails with HTTPS links Closed
Related to Redmine - Defect #32434: Serve redmine.org over https Closed

History

#2 Updated by Fernando Hartmann about 3 years ago

+1

#3 Updated by Toshi MARUYAMA about 3 years ago

  • Related to Feature #25764: Redmine site shoud send emails with HTTPS links added

#4 Updated by Fernando Hartmann almost 2 years ago

It become more important, because now Chrome is showing HTTP sites as Not Secure

#5 Updated by Bernhard Rohloff 8 months ago

#6 Updated by Go MAEDA 6 months ago

  • Status changed from New to Closed
  • Resolution set to Fixed

The server now redirects HTTP traffic to HTTPS.

$ curl --head http://www.redmine.org/
HTTP/1.1 302 Found
Cache-Control: no-cache
Content-length: 0
Location: https://www.redmine.org/

Also available in: Atom PDF