New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Website needs HTTPS #918

Closed
rugk opened this Issue May 22, 2018 · 12 comments

Comments

Projects
None yet
2 participants
@rugk

rugk commented May 22, 2018

@pbek

This comment has been minimized.

Owner

pbek commented May 22, 2018

There is a https://www.qownnotes.org/
The short answer why I don't redirect all http-requests is because of QOwnNotes update-checks on old versions of QOwnNotes... Of course I could play around with apache-rules...

@rugk

This comment has been minimized.

rugk commented May 22, 2018

Well… how old are these "old versions"? Should not they have been upgraded already?

@pbek

This comment has been minimized.

Owner

pbek commented May 22, 2018

Years old. I neither can force users to upgrade QOwnNotes nor force them to upgrade their Linux distributions to have newer versions of Qt (that support redirects in web-requests).

@pbek pbek added the enhancement label May 22, 2018

@rugk

This comment has been minimized.

rugk commented May 22, 2018

So which distros are affected?

@pbek

This comment has been minimized.

Owner

pbek commented May 22, 2018

For not having redirects? All Qt versions below Qt 5.6... (so that's also Ubuntu 16.04 with Qt 5.5) Why is that important for you to know?

@rugk

This comment has been minimized.

rugk commented May 22, 2018

Well… to see how old they are… So 16.04 LTS is supported until 2021-04… Holy cow, that's a long time.

So yes, better do some Apache tricks. E.g. you can set the HSTS header and redirect the front page only (i.e. /) to HTTPS.

@pbek

This comment has been minimized.

Owner

pbek commented May 22, 2018

https is done by cloudflare, I cannot set a HSTS header

@pbek

This comment has been minimized.

Owner

pbek commented May 22, 2018

...but I can redirect to https via javascript.

@rugk

This comment has been minimized.

rugk commented May 22, 2018

Of course you can set a HSTS Header on Cloudflare, they support it with a button or so there. Also the redirect, I guess.

@pbek

This comment has been minimized.

Owner

pbek commented May 22, 2018

Those settings are for all sub-domains of a domain and for all paths on that sub-domain. I don't want neither of these...

@pbek

This comment has been minimized.

Owner

pbek commented May 24, 2018

18.05.7

  • despite users having problems in the past with fetching the update request
    via SSL are we trying to use https for the update request again

@pbek pbek added this to the 18.05.7 milestone May 24, 2018

@pbek

This comment has been minimized.

Owner

pbek commented May 24, 2018

There now is a new release. ;)

@pbek pbek closed this May 24, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment