HTTPS... ?
Eion Robb
eion at robbmob.com
Sun Nov 19 21:56:39 EST 2017
Hi Gary,
It looks like pidgin.im doesn't have the HSTS (Strict-Transport-Security)
headers when serving over HTTP, so that anyone who hasn't gone to the HTTPS
site before won't get redirected.
That said, it's not much of a big deal since most of the website, other
than the developer.pidgin.im site has any secure information, so I'd see
this as a fairly low priority.
Cheers,
Eion
On 20 November 2017 at 11:31, Michael Secord <gizmokid2005 at gmail.com> wrote:
> Eion,
>
> pidgin.im actually isn't. It doesn't auto-redirect and serves validly
> over http. Also, the only 2 navbar links that switch you to https are
> plugins and development.
>
> -Michael
>
> On Sun, Nov 19, 2017 at 2:29 PM, Eion Robb <eion at robbmob.com> wrote:
>
>> Hi there,
>>
>> It already is HTTPS-only (with HSTS headers to require such). Which
>> website are you looking at that isn't HTTPS?
>>
>> Cheers,
>> Eion
>>
>> On 20 November 2017 at 10:46, E.M. <emus at mailbox.org> wrote:
>>
>>> Hello,
>>>
>>> I'd like to suggest to encrypt your website with HTTPS.
>>>
>>> Let's Encrypt offers certificates for free.
>>>
>>>
>>> Kind regards
>>>
>>> _______________________________________________
>>> Support at pidgin.im mailing list
>>> Want to unsubscribe? Use this link:
>>> https://pidgin.im/cgi-bin/mailman/listinfo/support
>>>
>>
>>
>> _______________________________________________
>> Support at pidgin.im mailing list
>> Want to unsubscribe? Use this link:
>> https://pidgin.im/cgi-bin/mailman/listinfo/support
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pidgin.im/pipermail/support/attachments/20171120/0683a5f4/attachment.html>
More information about the Support
mailing list