OneDev
Dashboards
Projects
Global Views
Code Search
server
Code
Pull Requests
Issues
List
Boards
Iterations
Builds
Packages
Statistics
Child Projects
Audit Log
OneDev 14.1.0
Documentation Support & Bug Report RESTful API Incompatibilities License Agreement Check Update
Projects onedev server Issues OD-566
onedev.io is served over unsecure HTTP (OD-566)
Grégory Teste opened 4 years ago

Not really a bug but when manually accessing http://onedev.io, it will happily serve it over HTTP (which is no big deal I guess), however, it also serves the login page (http://onedev.io/login) and the signup page (http://onedev.io/signup) over HTTP which leads to unencrypted passwords going over the wire.

You should consider automatically redirecting to HTTPS (or to code.onedev.io) since it is publicly accessible.

  • GrĂ©gory Teste changed title 4 years ago
    Previous Value Current Value 
    onedev.io is server over unsecure HTTP
    		 
    onedev.io is served over unsecure HTTP
  • Robin Shen changed state to 'Closed' 4 years ago
    Previous Value Current Value 
    Open
    		 
    Closed
  • Robin Shen commented 4 years ago

    Fixed. Thanks a lot!

issue 1/1
Type
Question
Priority
Normal
Assignee
Robin Shen
Issue Votes (0)
Login to vote
Watchers (4)
Reference
OD-566
Please wait...
Connection lost or session expired, reload to recover
Page is in error, reload to recover