opensearch icon indicating copy to clipboard operation
opensearch copied to clipboard

Published 20 hours ago verified publisher icon dewitt

Update all example URLs in the specifications to HTTPS

Open dewitt opened this issue 5 years ago • 4 comments

As part one of updating the OpenSearch spec to be HTTPS-only (or at least, HTTPS-strongly-preferred), update all of the example URLs to be https instead of http.

dewitt avatar Jan 21 '20 18:01 dewitt

It looks like the www.opensearch.org (redirect) supports HTTPS, but it has two issues currently:

  1. It is a self-signed certificate.
  2. It expired 3 years ago (in 2017).

Perhaps Let's Encrypt could be used here.

Krinkle avatar Feb 04 '20 21:02 Krinkle

That's a good catch, and we may be able to fix it, too. Though this issue was specifically about updating the specs to use HTTPS. I'll change the title of the issue to clarify. Thanks!

dewitt avatar Feb 05 '20 00:02 dewitt

http://github.com/dewitt/opensearch/issues/22#issue-553045623

http://datatracker.ietf.org/doc/html/rfc3986#section-4.2 may be preferrable, because none of this is necessarily information that is requiring security during observsation of it, and cryptography is able to be greatly detrimental to anyone whose internet-connection is slow.

However, this may only be applicable to embedded content. Thus, I am supportive of mere HTTP.

RokeJulianLockhart avatar Sep 27 '21 15:09 RokeJulianLockhart

As part one of updating the OpenSearch spec to be HTTPS-only (or at least, HTTPS-strongly-preferred), update all of the example URLs to be https instead of http.

baby933 avatar Aug 30 '22 16:08 baby933