Opened 22 months ago

Last modified 3 weeks ago

#6981 open defect

HTTPS redirect for Trac missing

Reported by: slhck Owned by:
Priority: normal Component: trac
Version: unspecified Keywords:
Cc: val.zapod.vz@gmail.com Blocked By:
Blocking: Reproduced by developer: no
Analyzed by developer: no

Description

I noticed that when you open http://trac.ffmpeg.org it doesn't auto-forward you to https://trac.ffmpeg.org, making logins insecure and exposing user passwords and other activity in cleartext.

It'd be great if you could change the server config to always redirect such requests, as is common security practice these days.

Change History (1)

comment:1 Changed 3 weeks ago by Balling

  • Cc val.zapod.vz@gmail.com added
  • Status changed from new to open

Yes, nice one.

Note: See TracTickets for help on using tickets.