-
Notifications
You must be signed in to change notification settings - Fork 64
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use HTTPS links instead of HTTP #47
Comments
👍 |
|
Let's Encrypt is in public beta so you can (already) get certs for all your subdomains... |
And BTW: You may improve your SSL/TLS config: https://www.ssllabs.com/ssltest/analyze.html?d=forum.minetest.net |
In fact, Let's encrypt is already in use: https://crt.sh/?CN=%25.minetest.net&iCAID=7395 |
Okay, but there are still domains without HTTPS.Most notably the main domain (minetest.net). |
Wherever possible, HTTPS should be used instead of HTTP. I found the following places where HTTP is explicitly set:
servers.html
servers.minetest.net
is linked with HTTP, but it supports HTTPS, so it should be changed.irc.html
webchat.freenode.net
is linked with HTTP, but it supports HTTPS, so it should be changed.README.md
jekyllrb.com
is linked with HTTP, but it supports HTTPS, so it should be changed.www.minetest.net
is linked with HTTP, but it supports HTTPS. The certificate is self-signed, though, so only change this when the certificate gets signed (AFAIK @celeron55 plans to use Let's Encrypt when it's available).community.html
www.reddit.com
is linked with HTTP, but it supports HTTPS, so it should be changed.development.html
forum.minetest.net
is linked with HTTP, but it supports HTTPS, so it should be changed.dev.minetest.net
(same aswww.minetest.net
)downloads.html
minetest.net
(see above)dev.minetest.net
(see above)customize.html
wiki.minetest.net
(same aswww.minetest.net
)index.html
dev.minetest.net
(see above)Where possible, these should be changed to explicitly use HTTPS, or leave the protocol out, so the currently chosen protocol of the user is used. I personally would say, that we link external sites explicitly with HTTPS, and internal links (e.g. the link to
minetest.net
indownloads.html
) should have the front stripped.(Edited by sfan5 2015-01-04: The serverlist now supports HTTPS)
The text was updated successfully, but these errors were encountered: