Lock down services which accept URLs to require https where possible #2637

Open
paulmelnikow opened this issue Jan 4, 2019 · 1 comment
Labels
service-badge New or updated service badge

Comments

@paulmelnikow
Member

Let's continue to nudge our ecosystem toward using https. For the most part, when we accept and refactor new services, we steer things that way, by using https endpoints and assuming https for user-provided URLs.

Let's push that forward wherever we can, perhaps by requiring https wherever we're accepting a user-provided URL.

In cases where we think there are sources which can't be migrated, we could add a flag ?allow_insecure. This would provide an extra hurdle, and would nudge them to use https if possible.

paulmelnikow added the service-badge label Jan 4, 2019
@calebcartwright
Member

> In cases where we think there are sources which can't be migrated, we could add a flag ?allow_insecure. This would provide an extra hurdle, and would nudge them to use https if possible.

I like the sound of that!
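
A sketch of the check proposed in this issue, added here as an example and not taken from the project's code: user-provided URLs must be https unless the badge request carries `allow_insecure`. The function name `resolveUpstreamUrl`, the result shape, and treating the flag as presence-only are assumptions.

```javascript
// Added example: hypothetical helper, not the project's own code.
// `allow_insecure` is the flag name proposed in the issue; treating it as
// presence-only (any value, including none) is an assumption.
function resolveUpstreamUrl(userUrl, badgeQuery = '') {
  let parsed;
  try {
    // Requires an absolute URL; relative or scheme-less input throws.
    parsed = new URL(userUrl);
  } catch (err) {
    return { ok: false, reason: 'invalid-url' };
  }

  // The URL parser lower-cases the scheme, so "HTTPS://" also matches here.
  if (parsed.protocol === 'https:') {
    return { ok: true, url: parsed.href, insecure: false };
  }

  // Anything other than http(s) is rejected outright; the opt-out flag
  // only relaxes https to http, it never admits file:, ftp:, data:, etc.
  if (parsed.protocol !== 'http:') {
    return { ok: false, reason: 'unsupported-scheme' };
  }

  // Plain http: allowed only when the caller explicitly opted in.
  const params = new URLSearchParams(badgeQuery);
  if (params.has('allow_insecure')) {
    return { ok: true, url: parsed.href, insecure: true };
  }

  // Otherwise refuse, and hand back the https form so the error message
  // can nudge the user toward it.
  return {
    ok: false,
    reason: 'https-required',
    suggestion: 'https:' + parsed.href.slice('http:'.length),
  };
}
```

Returning `insecure: true` on the opt-in path lets the caller log or count how many badges still depend on plain http.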
