eion at robbmob.com
Sun Nov 19 21:56:39 EST 2017
It looks like pidgin.im doesn't have the HSTS (Strict-Transport-Security)
headers when serving over HTTP, so that anyone who hasn't gone to the HTTPS
site before won't get redirected.
That said, it's not much of a big deal since most of the website, other
than the developer.pidgin.im site has any secure information, so I'd see
this as a fairly low priority.
On 20 November 2017 at 11:31, Michael Secord <gizmokid2005 at gmail.com> wrote:
> pidgin.im actually isn't. It doesn't auto-redirect and serves validly
> over http. Also, the only 2 navbar links that switch you to https are
> plugins and development.
> On Sun, Nov 19, 2017 at 2:29 PM, Eion Robb <eion at robbmob.com> wrote:
>> Hi there,
>> It already is HTTPS-only (with HSTS headers to require such). Which
>> website are you looking at that isn't HTTPS?
>> On 20 November 2017 at 10:46, E.M. <emus at mailbox.org> wrote:
>>> I'd like to suggest to encrypt your website with HTTPS.
>>> Let's Encrypt offers certificates for free.
>>> Kind regards
>>> Support at pidgin.im mailing list
>>> Want to unsubscribe? Use this link:
>> Support at pidgin.im mailing list
>> Want to unsubscribe? Use this link:
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Support