Skip to content

Sidejack Prevention Phase 2: SSL Everywhere

Last Tuesday, we rolled out a secure cookies for all SSL-protected pages. This meant that all private repositories, user dashboards, all admin settings (even for free users and repositories) were…

Author

Last Tuesday, we rolled out a secure cookies for all SSL-protected pages. This meant that all private repositories, user dashboards, all admin settings (even for free users and repositories) were protected against sidejacking attempts. However, any user actions on gists and public repositories (such as issues, wikis, downloads) were still vulnerable.

Last night, we rolled out the next phase from our latest security audit: SSL everywhere. Every hit to the website, whether you’re logged in or not, is over HTTPS with a secure cookie.

This is a big step, but we’re still seeing some resources being served directly from other sites and giving SSL warnings. We’re going to address this issue next. In the meantime your browsers might give warnings that look like this.

Insecure Resources

Our next step will be to fix these insecure assets that you might see in commit and issue comments. We’re hoping to have the remaining issues fixed over the next few days.

Explore more from GitHub

Product

Product

Updates on GitHub products and features, hot off the press.
The ReadME Project

The ReadME Project

Stories and voices from the developer community.
GitHub Copilot

GitHub Copilot

Don't fly solo. Try 30 days for free.
Work at GitHub!

Work at GitHub!

Check out our current job openings.