Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make HTTPS a hard requirement #5919

Closed
10 tasks done
dtdesign opened this issue May 19, 2024 · 0 comments · Fixed by #5949
Closed
10 tasks done

Make HTTPS a hard requirement #5919

dtdesign opened this issue May 19, 2024 · 0 comments · Fixed by #5949
Assignees
@dtdesign
Labels
Feature P1: Medium

Comments

@dtdesign
Copy link
Member

dtdesign commented May 19, 2024
edited
Loading

We’re currently still supporting HTTP environments to some extent, but there are already shortcomings in regards to newer browser features becoming more and more limited. Considering that Let’s Encrypt is widely adopted these days it is finally time to move to HTTPS only, allowing us to take advantage of never features.

HTTPS is a hard requirement of both #5805 and #5905 because (some part of) the underlying API is only available in secure contexts.

  • Check for HTTPS in the test script.
  • Validate HTTPS in the setup process.
  • Add the HTTPS check to the SystemCheckPage.
  • Add the HTTPS check to the IndexPage / notices box.
  • Redirect requests for the frontend from insecure contexts to HTTPS.
  • Add a pre-upgrade check to the upgrade from 6.0 to 6.1.
  • Make an exception for locally-delivered resources (also see DNSOP):
    • 127.0.0.1
    • localhost
    • *.localhost
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@dtdesign dtdesign

Labels
Feature P1: Medium
Projects
WoltLab Suite 6.1
Status: Done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Make HTTPS a hard requirement WoltLab/WCF
1 participant
@dtdesign