#68 https is not forced on mail.teknik.io

Closed
opened 2 years ago by jimmybot · 4 comments
jimmybot commented 2 years ago

When I went to mail.teknik.io today, I reached http://mail.teknik.io/?/NoScript

But I noted, that the page was also available over https:

https://mail.teknik.io/?/NoScript

The site serves cookies and scripts so shouldn’t https be forced? especially for a email client?

Just a little concerned about how that could impact a tor user if the exit node does some trickery, the rest of teknik seems to be properly forced, this is the only current page I’ve seen served over http

When I went to mail.teknik.io today, I reached http://mail.teknik.io/?/NoScript But I noted, that the page was also available over https: https://mail.teknik.io/?/NoScript The site serves cookies and scripts so shouldn't https be forced? especially for a email client? Just a little concerned about how that could impact a tor user if the exit node does some trickery, the rest of teknik seems to be properly forced, this is the only current page I've seen served over http
Ghost commented 2 years ago

I’ve seen it happen with Firefox, set to never remember cookies. On Chrome/Windows and Safari/OS X, all Teknik’s subdomains get correctly redirected to the SSL connection.

Either it is an issue with the browser’s cookie settings or an issue with Firefox. You should only get redirected to http://mail.teknik.io/?/NoScript if you have JS disabled in your browser.

I've seen it happen with [Firefox, set to never remember cookies](https://git.teknik.io/Teknikode/Teknik/issues/65#issuecomment-341). On Chrome/Windows and Safari/OS X, all Teknik's subdomains get correctly redirected to the SSL connection. Either it is an issue with the browser's cookie settings or an issue with Firefox. You should only get redirected to `http://mail.teknik.io/?/NoScript` if you have JS disabled in your browser.
Ghost commented 2 years ago

@jimmybot please acknowledge, is your issue solved? If affirmative, close the issue. Over and out.

@jimmybot please acknowledge, is your issue solved? If affirmative, close the issue. Over and out.
Zero3K commented 2 years ago

I can confirm on my end that it has been fixed.

I can confirm on my end that it has been fixed.
Uncled1023 commented 1 year ago
Owner

Closing due to reports of it being fixed and no other issues recorded in regards to this.

Closing due to reports of it being fixed and no other issues recorded in regards to this.
Sign in to join this conversation.
No Milestone
No Assignees
4 Participants
Due Date

No due date set.

Dependencies

This issue currently doesn't have any dependencies.

Loading…
Cancel
Save
There is no content yet.