You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Was just chatting with @juho-jaakkola and we concluded that https login feature doesn't do anything but mislead people. It doesn't add any security in case the connection is intercepted before the page is served, you can still submit the form insecurely by manually changing the scheme in the form action etc.
We propose to drop it entirely, and document that production sites should always be deployed behind https.
The text was updated successfully, but these errors were encountered:
Was just chatting with @juho-jaakkola and we concluded that https login feature doesn't do anything but mislead people. It doesn't add any security in case the connection is intercepted before the page is served, you can still submit the form insecurely by manually changing the scheme in the form action etc.
We propose to drop it entirely, and document that production sites should always be deployed behind https.
The text was updated successfully, but these errors were encountered: