Engineering-Best-Practices icon indicating copy to clipboard operation
Engineering-Best-Practices copied to clipboard

Published 20 hours ago verified publisher icon 10up

HTTPS Best Practices Section

Open bengreeley opened this issue 6 years ago • 2 comments

I created a PR to add HTTPS to the systems best practices page. Since internally we strive for all of our sites to be HTTPS, it makes sense that this should be added to our best practice documents. There's much more information that could be added here, but my initial goals were

  1. To have HTTPS be included in the best practices to point engineers to the appropriate section with an explanation of why it's considered a best practice
  2. To talk about some best practices when implementing HTTPS.

https://github.com/10up/Engineering-Best-Practices/tree/feature/https

The addition of this section also could introduce the opportunity to highlight the following:

  • Best practices from a systems perspective when implementing HTTPS (if any). We touch on this in an earlier section on NGINX, so it may be a bit redundant. @tott @TheLastCicada curious of your thoughts here.
  • It would be great to link to a 10up plugin for checking insecure content. I know our Insecure Content Warning plugin is currently private, but this would be a great opportunity to add that as a best practice.

bengreeley avatar Aug 30 '18 18:08 bengreeley

@bengreeley can you open the PR?

tlovett1 avatar Oct 05 '18 04:10 tlovett1

@tlovett1 You've got it: https://github.com/10up/Engineering-Best-Practices/pull/264

bengreeley avatar Nov 09 '18 21:11 bengreeley