Always load include.js over HTTPS (security issue) #1

Merged
merged 1 commit into from Feb 13, 2013

2 participants

@fmarier

The include.js file should not be loaded over HTTP because it would enable an attacker to do a man-in-the-middle attack.

Hard-coding the URL scheme to HTTPS will make it work on HTTP and HTTPS applications.

@altryne altryne merged commit 363bdc6 into altryne:master Feb 13, 2013
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment