New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

HTTPS is a requirement now #334

Closed
Cheesebaron opened this Issue Sep 6, 2017 · 28 comments

Comments

Projects
None yet
@Cheesebaron
Member

Cheesebaron commented Sep 6, 2017

There are many reasons to switch to HTTPS, some of the important ones include

  • Protecting privacy
  • Browsers getting more strict
  • HTTP 2
  • 3rd party inclusion
  • Apple Transport Security and Android usesCleartextTraffic = false requires SSL

We at Planet Xamarin support the movement of switching everything to use HTTPS and we encourage and expect authors to switch too.

20th September 2017, we will go through all author classes and ensure that blogs support HTTPS. Those who do not support it, will be removed from aggregation.

There are no valid reasons to not support HTTPS, and it is a very easy exercise to enable it on your blog. There are free certificate authorities such as Let's Encrypt, which are supported by the majority of CMS systems and hosting control panels, or you could put your blog behind CloudFlare. How to set this up has been documented so many times and is a very trivial thing to do.

@planetxamarin/authors

@almirvuk

This comment has been minimized.

Show comment
Hide comment
@almirvuk

almirvuk Sep 6, 2017

Member

Great decision!

Member

almirvuk commented Sep 6, 2017

Great decision!

@ghuntley

This comment has been minimized.

Show comment
Hide comment
@ghuntley

ghuntley Sep 6, 2017

Member

I support this.

Member

ghuntley commented Sep 6, 2017

I support this.

@gshackles

This comment has been minimized.

Show comment
Hide comment
@gshackles

gshackles Sep 6, 2017

Member

Same here, HTTPS all the things. My site already supports HTTPS so :shipit:!

Member

gshackles commented Sep 6, 2017

Same here, HTTPS all the things. My site already supports HTTPS so :shipit:!

@Cheesebaron

This comment has been minimized.

Show comment
Hide comment
@Cheesebaron

Cheesebaron Sep 19, 2017

Member
Member

Cheesebaron commented Sep 19, 2017

@jfversluis

This comment has been minimized.

Show comment
Hide comment
@jfversluis

jfversluis Sep 19, 2017

Member

Zoinks!

I think it will be good to allow for a bit more time, I have seen some people on Twitter mentioning they need more time because they would need to move a whole lot of stuff. Not sure why that would be necessary though, but OK.

I think it's important to stop this at the gate right now and keep pressuring this list to slim it down. And if it's down to just a few set a hard deadline: comply or be removed.

Member

jfversluis commented Sep 19, 2017

Zoinks!

I think it will be good to allow for a bit more time, I have seen some people on Twitter mentioning they need more time because they would need to move a whole lot of stuff. Not sure why that would be necessary though, but OK.

I think it's important to stop this at the gate right now and keep pressuring this list to slim it down. And if it's down to just a few set a hard deadline: comply or be removed.

@PieEatingNinjas

This comment has been minimized.

Show comment
Hide comment
@PieEatingNinjas

PieEatingNinjas Sep 19, 2017

Contributor

Updated! (https://blog.pieeatingninjas.be/feed/)
But maybe try to contact the authors whos blog isn't on https yet? If @Depechie hadn't notified on Twitter, I wouldn't have known about this upcoming requirement.

Contributor

PieEatingNinjas commented Sep 19, 2017

Updated! (https://blog.pieeatingninjas.be/feed/)
But maybe try to contact the authors whos blog isn't on https yet? If @Depechie hadn't notified on Twitter, I wouldn't have known about this upcoming requirement.

@jfversluis

This comment has been minimized.

Show comment
Hide comment
@jfversluis

jfversluis Sep 19, 2017

Member

We've put it out here mentioning the authors group, by I think not everyone is in there. Most are though. If you won't mind mentioning a couple of people you might be in contact with that would be great!

We want to put out a little tweet as well. Problem is we don't have one channel to reach everyone :)

Also, please put in a PR changing your URL? Thanks!

Member

jfversluis commented Sep 19, 2017

We've put it out here mentioning the authors group, by I think not everyone is in there. Most are though. If you won't mind mentioning a couple of people you might be in contact with that would be great!

We want to put out a little tweet as well. Problem is we don't have one channel to reach everyone :)

Also, please put in a PR changing your URL? Thanks!

@PieEatingNinjas

This comment has been minimized.

Show comment
Hide comment
@PieEatingNinjas

PieEatingNinjas Sep 19, 2017

Contributor

I did indeed get a notification about this message, I must have missed it somehow. :-)

Contributor

PieEatingNinjas commented Sep 19, 2017

I did indeed get a notification about this message, I must have missed it somehow. :-)

@kentcb

This comment has been minimized.

Show comment
Hide comment
@kentcb

kentcb Sep 19, 2017

Contributor

Well, I'd like to fix my blog but according to this:

HTTPS is not supported for GitHub Pages using custom domains.

So I guess I'm SOL....?

Contributor

kentcb commented Sep 19, 2017

Well, I'd like to fix my blog but according to this:

HTTPS is not supported for GitHub Pages using custom domains.

So I guess I'm SOL....?

@nigel-sampson

This comment has been minimized.

Show comment
Hide comment
@nigel-sampson

nigel-sampson Sep 19, 2017

Contributor

You can use Cloudflare to set up SSL for free for GitHub pages (which is what I did, took about twenty minutes).

Contributor

nigel-sampson commented Sep 19, 2017

You can use Cloudflare to set up SSL for free for GitHub pages (which is what I did, took about twenty minutes).

@kentcb

This comment has been minimized.

Show comment
Hide comment
@kentcb

kentcb Sep 19, 2017

Contributor

Thanks @nigel-sampson! I'll add it to my TODO list.

Contributor

kentcb commented Sep 19, 2017

Thanks @nigel-sampson! I'll add it to my TODO list.

@patridge

This comment has been minimized.

Show comment
Hide comment
@patridge

patridge Sep 20, 2017

Contributor

For anyone else running WordPress on a provider without SSL support, hopefully this Stack Overflow answer about working around the internals of the is_ssl method with Cloudflare (or similar) will save you a couple hours.

After a painful two-night battle with things, I think I finally got SSL working for my blog. If all settles in happily, I'll put together a PR tomorrow.

Contributor

patridge commented Sep 20, 2017

For anyone else running WordPress on a provider without SSL support, hopefully this Stack Overflow answer about working around the internals of the is_ssl method with Cloudflare (or similar) will save you a couple hours.

After a painful two-night battle with things, I think I finally got SSL working for my blog. If all settles in happily, I'll put together a PR tomorrow.

@jfversluis

This comment has been minimized.

Show comment
Hide comment
@jfversluis

jfversluis Sep 20, 2017

Member

For the paperworks, these came in today and are off the list:

http://blog.pieeatingninjas.be/feed/rss
http://pumpingco.de/feed/
http://redth.codes/feed/
http://www.patridgedev.com/feed/

Four down, 30 to go!

Member

jfversluis commented Sep 20, 2017

For the paperworks, these came in today and are off the list:

http://blog.pieeatingninjas.be/feed/rss
http://pumpingco.de/feed/
http://redth.codes/feed/
http://www.patridgedev.com/feed/

Four down, 30 to go!

patridge added a commit to patridge/planetxamarin that referenced this issue Sep 20, 2017

jfversluis added a commit that referenced this issue Sep 20, 2017

patridge added a commit to patridge/planetxamarin that referenced this issue Sep 20, 2017

@therealjohn

This comment has been minimized.

Show comment
Hide comment
@therealjohn

therealjohn Sep 20, 2017

Contributor

I just updated mine. :D

https://jmillerdev.net

Contributor

therealjohn commented Sep 20, 2017

I just updated mine. :D

https://jmillerdev.net

@kentcb

This comment has been minimized.

Show comment
Hide comment
@kentcb

kentcb Sep 21, 2017

Contributor

Updated. PR is #355.

Contributor

kentcb commented Sep 21, 2017

Updated. PR is #355.

@lothrop

This comment has been minimized.

Show comment
Hide comment
@lothrop

lothrop Sep 22, 2017

Contributor

I'm still struggling. My provider won't let me use TLS for a subdomain. I haven't got CloudFlare to work since my provider doesn't have a fixed IP address for my website.

Contributor

lothrop commented Sep 22, 2017

I'm still struggling. My provider won't let me use TLS for a subdomain. I haven't got CloudFlare to work since my provider doesn't have a fixed IP address for my website.

lothrop pushed a commit to lothrop/planetxamarin that referenced this issue Sep 22, 2017

@jfversluis

This comment has been minimized.

Show comment
Hide comment
@jfversluis

jfversluis Sep 22, 2017

Member

Looks like you got it working @lothrop ! Nice!

Member

jfversluis commented Sep 22, 2017

Looks like you got it working @lothrop ! Nice!

@lothrop

This comment has been minimized.

Show comment
Hide comment
@lothrop

lothrop Sep 22, 2017

Contributor

Only that the cert now costs more than all domains combined…

Contributor

lothrop commented Sep 22, 2017

Only that the cert now costs more than all domains combined…

@jfversluis

This comment has been minimized.

Show comment
Hide comment
@jfversluis

jfversluis Sep 22, 2017

Member

Why?! You can get certs for free!

Member

jfversluis commented Sep 22, 2017

Why?! You can get certs for free!

@lothrop

This comment has been minimized.

Show comment
Hide comment
@lothrop

lothrop Sep 22, 2017

Contributor

For that, I'd need admin access for the server.

Contributor

lothrop commented Sep 22, 2017

For that, I'd need admin access for the server.

@jfversluis

This comment has been minimized.

Show comment
Hide comment
@jfversluis

jfversluis Sep 22, 2017

Member

Not always, of course I don’t know the details and I’m sure that you’ve done your research but I.e. direct admin has support built-in these days. Works like a charm!

Or maybe that’s what you mean by admin access

Member

jfversluis commented Sep 22, 2017

Not always, of course I don’t know the details and I’m sure that you’ve done your research but I.e. direct admin has support built-in these days. Works like a charm!

Or maybe that’s what you mean by admin access

@jfversluis

This comment has been minimized.

Show comment
Hide comment
@jfversluis

jfversluis Sep 28, 2017

Member

Just 20 left! 🎉

Member

jfversluis commented Sep 28, 2017

Just 20 left! 🎉

@CayasSoftware

This comment has been minimized.

Show comment
Hide comment
@CayasSoftware

CayasSoftware Sep 29, 2017

Contributor

Sorry I am late to the party. I saw it on twitter thanks to @jfversluis. I will take switch as fast as I can.

Contributor

CayasSoftware commented Sep 29, 2017

Sorry I am late to the party. I saw it on twitter thanks to @jfversluis. I will take switch as fast as I can.

@jfversluis

This comment has been minimized.

Show comment
Hide comment
@jfversluis

jfversluis Oct 17, 2017

Member

Alright, a lot are done! I think it's starting to get time to enforce?

Member

jfversluis commented Oct 17, 2017

Alright, a lot are done! I think it's starting to get time to enforce?

@DanRigby

This comment has been minimized.

Show comment
Hide comment
Member

DanRigby commented Oct 17, 2017

@Cheesebaron

This comment has been minimized.

Show comment
Hide comment
@Cheesebaron

Cheesebaron Jan 27, 2018

Member

This can be closed now.

If someone was removed as part of #407 and you want back in, please open a Pull Request to add yourself back.

Member

Cheesebaron commented Jan 27, 2018

This can be closed now.

If someone was removed as part of #407 and you want back in, please open a Pull Request to add yourself back.

@xleon

This comment has been minimized.

Show comment
Hide comment
@xleon

xleon Jan 27, 2018

Contributor

Wow, I didn´t see anything about this until I got removed/mentioned yesterday.
My site is fixed now with https auto-redirections.
Will send PR soon

Contributor

xleon commented Jan 27, 2018

Wow, I didn´t see anything about this until I got removed/mentioned yesterday.
My site is fixed now with https auto-redirections.
Will send PR soon

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment