http does not redirect to https #110
Comments
An issue with the site, not the app.
https://pay.party and https://app.pay.party / https://dev.pay.party do have the correct certificates. This is an issue with the landing page redirects. Looking into it.
@wkarshat @hmux The challenge is not with "the site" nor "the app". Neither is it about correctness of TLS certificates; it is about unencrypted data in transit, thereby making users more susceptible to attacks. An attacker resolved to launch a MITM attack on users could persuade them to visit your site over plain HTTP. The attacker may fake your site and acquire sensitive data from your users, or proxy to the legitimate HTTPS version of your site and snoop all data, if traffic could be diverted (e.g. DNS poisoning). Why not serve just one version of the site (HTTPS only), simply redirect incoming HTTP traffic to HTTPS, then enable HSTS to aid in the prevention of the scenario above?
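The redirect-plus-HSTS setup proposed in the comment above can be verified from captured responses. The following is an added example, not code from the project or from any commenter; the function names, the 180-day `MIN_MAX_AGE` threshold and the sample responses are assumptions constructed for illustration.

```python
"""Audit a host's HTTP->HTTPS redirect and HSTS policy from captured responses."""
from urllib.parse import urlsplit

REDIRECTS = {301, 302, 303, 307, 308}
MIN_MAX_AGE = 15552000  # 180 days; assumed policy threshold, not from the issue


def parse_hsts(value):
    """Parse a Strict-Transport-Security value into {directive: argument}."""
    out = {}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        if name:
            out[name.lower()] = arg.strip().strip('"')
    return out


def audit(host, http_resp, https_resp):
    """Return findings; an empty list means redirect and HSTS are in place.

    Each response is a (status_code, headers_dict) pair captured by any client.
    """
    findings = []
    status, headers = http_resp
    target = urlsplit({k.lower(): v for k, v in headers.items()}.get("location", ""))
    if status not in REDIRECTS:
        findings.append(f"http://{host} answers {status} instead of redirecting")
    elif target.scheme != "https":
        findings.append("redirect target is not https")
    elif target.hostname != host:
        # HSTS is recorded per host: if the first HTTPS hop is another host,
        # the browser never stores a policy for the host the user typed.
        findings.append(f"first https hop is {target.hostname}, not {host}")
    # Only the header on the HTTPS response counts; browsers ignore HSTS
    # received over plain HTTP, where an on-path attacker could alter it.
    tls_headers = {k.lower(): v for k, v in https_resp[1].items()}
    max_age = parse_hsts(tls_headers.get("strict-transport-security", "")).get("max-age", "")
    if not max_age.isdigit():
        findings.append("https response has no valid HSTS max-age")
    elif int(max_age) < MIN_MAX_AGE:
        findings.append(f"HSTS max-age {max_age} is below {MIN_MAX_AGE}")
    return findings


# Constructed sample captures (not real responses from pay.party).
BEFORE = ((200, {"Content-Type": "text/html"}), (200, {"Content-Type": "text/html"}))
AFTER = ((301, {"Location": "https://pay.party/"}),
         (200, {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"}))

if __name__ == "__main__":
    for label, (plain, tls) in (("before", BEFORE), ("after", AFTER)):
        print(label, audit("pay.party", plain, tls) or "ok")
```
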
Describe the bug
Hey, I just came across your site earlier. I clicked a link from Twitter where someone tweeted and mentioned pay.party. This resulted in me landing on http://pay.party and getting the Not Secure warning.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
It redirects to secure site