OneDev
Dashboards
Projects
Pull Requests
Issues
Builds
Packages
Code Search
server
Code
Pull Requests
Issues
List
Boards
Milestones
Builds
Packages
Statistics
Child Projects
OneDev 10.5.0
Documentation Support & Bug Report RESTful API Incompatibilities License Agreement Check Update
Projects onedev server Issues #566
#566  onedev.io is served over unsecure HTTP
Closed
Grégory Teste opened 2 years ago

Not really a bug but when manually accessing http://onedev.io, it will happily serve it over HTTP (which is no big deal I guess), however, it also serves the login page (http://onedev.io/login) and the signup page (http://onedev.io/signup) over HTTP which leads to unencrypted passwords going over the wire.

You should consider automatically redirecting to HTTPS (or to code.onedev.io) since it is publicly accessible.
Grégory Teste changed title 2 years ago
Previous Value Current Value 
onedev.io is server over unsecure HTTP
 
onedev.io is served over unsecure HTTP
Robin Shen changed state to 'Closed' 2 years ago
Previous Value Current Value 
Open
 
Closed
Robin Shen commented 2 years ago

Fixed. Thanks a lot!
issue 1 of 1
Type
Question
Priority
Normal
Assignee
Robin Shen
Issue Votes (0)
Login to vote
Watchers (4)
Reference
onedev/server#566
Please wait...
Page is in error, reload to recover