Project

General

Profile

Actions
Copy link

Defect #20556

closed

Redirect to HTTPS

Added by Dennis Olsson over 9 years ago. Updated almost 5 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Jean-Philippe Lang
Category:
Website (redmine.org)
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:
Fixed
Affected version:

Description

http://www.redmine.org/account/register and other sensitive pages should (IMHO) redirect to HTTPS when passwords are involved. Even better would be to redirect all traffic, since session cookies are involved and impersonation is trivial if you are in the right/wrong position/place.

Adding as a defect since HTTPS is configured on the server.

Related issues

Related to Redmine - Feature #25764: Redmine site shoud send emails with HTTPS linksClosed

Actions
Related to Redmine - Defect #32434: Serve redmine.org over httpsClosed

Actions
Actions
Copy link
 #2

Updated by Fernando Hartmann over 7 years ago

+1

Actions
Copy link
 #3

Updated by Toshi MARUYAMA over 7 years ago

  • Related to Feature #25764: Redmine site shoud send emails with HTTPS links added
Actions
Copy link
 #4

Updated by Fernando Hartmann over 6 years ago

It become more important, because now Chrome is showing HTTP sites as Not Secure

Actions
Copy link
 #5

Updated by Bernhard Rohloff about 5 years ago

Actions
Copy link
 #6

Updated by Go MAEDA almost 5 years ago

  • Status changed from New to Closed
  • Resolution set to Fixed

The server now redirects HTTP traffic to HTTPS.

$ curl --head http://www.redmine.org/
HTTP/1.1 302 Found
Cache-Control: no-cache
Content-length: 0
Location: https://www.redmine.org/
Actions
Copy link

Also available in: Atom PDF