Skip to content

Enforce https #495

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Aug 31, 2022
Merged

Enforce https #495

merged 1 commit into from
Aug 31, 2022

Conversation

julien-nc
Copy link
Member

Performing the login flow with HTTP reveals/exposes secret information. Login and code endpoints are now rejecting HTTP requests.

OpenId specs regarding TLS are not very clear but can be interpreted as "better use HTTPS".

I took the opportunity to make some polishing to the Login controller. I hope this is not too out of scope 😁.

@julien-nc julien-nc added enhancement New feature or request security Pull requests that address a security vulnerability labels Aug 31, 2022
@julien-nc julien-nc requested a review from juliusknorr August 31, 2022 15:21
@julien-nc julien-nc force-pushed the fix/noid/enforce-https branch from 48cbb72 to 2bc8b3c Compare August 31, 2022 15:26
@juliusknorr
Copy link
Member

Can we disable the check in debug mode ? Otherwise local development becomes a bit harder

@julien-nc julien-nc force-pushed the fix/noid/enforce-https branch from 2bc8b3c to 991fca0 Compare August 31, 2022 15:49
Copy link
Member

@juliusknorr juliusknorr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good, now running integration tests in debug mode should also pass again :)

Signed-off-by: Julien Veyssier <eneiluj@posteo.net>
@julien-nc julien-nc force-pushed the fix/noid/enforce-https branch from 991fca0 to 8dd6baf Compare August 31, 2022 16:18
@julien-nc julien-nc merged commit 95daf74 into master Aug 31, 2022
@julien-nc julien-nc deleted the fix/noid/enforce-https branch August 31, 2022 16:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request security Pull requests that address a security vulnerability
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants