[Python-Dev] HTTPS on bugs.python.org (original) (raw)
Victor Stinner victor.stinner at gmail.com
Fri Sep 1 08:57:25 EDT 2017
- Previous message (by thread): [Python-Dev] PEP 539 (second round): A new C API for Thread-Local Storage in CPython
- Next message (by thread): [Python-Dev] HTTPS on bugs.python.org
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi,
When I go to http://bugs.python.org/ Firefox warns me that the form on the left to login (user, password) sends data in clear text (HTTP).
Ok, I switch manually to HTTPS: add "s" in "http://" of the URL.
I log in.
I go to an issue using HTTPS like https://bugs.python.org/issue31250
I modify an issue using the form and click on [Submit Changes] (or just press Enter): I'm back to HTTP. Truncated URL:
http://bugs.python.org/issue31250?@ok_message=msg%20301099%20created%...
Hum, again I switch manually to HTTPS by modifying the URL:
https://bugs.python.org/issue31250?@ok_message=msg%20301099%20created%...
I click on the "clear this message" link: oops, I'm back to the HTTP world...
http://bugs.python.org/issue31250
So, would it be possible to enforce HTTPS on the bug tracker?
The best would be to always generate HTTPS urls and maybe redirect HTTP to HTTPS.
Sorry, I don't know what are the best practices. For example, should we use HTTPS only cookies?
Victor
- Previous message (by thread): [Python-Dev] PEP 539 (second round): A new C API for Thread-Local Storage in CPython
- Next message (by thread): [Python-Dev] HTTPS on bugs.python.org
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]