minetest.github.io icon indicating copy to clipboard operation
minetest.github.io copied to clipboard

Published 20 hours ago verified publisher icon minetest

Use HTTPS links instead of HTTP

Open PilzAdam opened this issue 9 years ago • 6 comments

Wherever possible, HTTPS should be used instead of HTTP. I found the following places where HTTP is explicitly set:

  • servers.html
    • servers.minetest.net is linked with HTTP, but it supports HTTPS, so it should be changed.
  • irc.html
    • webchat.freenode.net is linked with HTTP, but it supports HTTPS, so it should be changed.
  • README.md
    • jekyllrb.com is linked with HTTP, but it supports HTTPS, so it should be changed.
    • www.minetest.net is linked with HTTP, but it supports HTTPS. The certificate is self-signed, though, so only change this when the certificate gets signed (AFAIK @celeron55 plans to use Let's Encrypt when it's available).
  • community.html
    • www.reddit.com is linked with HTTP, but it supports HTTPS, so it should be changed.
  • development.html
    • forum.minetest.net is linked with HTTP, but it supports HTTPS, so it should be changed.
    • dev.minetest.net (same as www.minetest.net)
  • downloads.html
    • minetest.net (see above)
    • dev.minetest.net (see above)
  • customize.html
    • wiki.minetest.net (same as www.minetest.net)
  • index.html
    • dev.minetest.net (see above)

Where possible, these should be changed to explicitly use HTTPS, or leave the protocol out, so the currently chosen protocol of the user is used. I personally would say, that we link external sites explicitly with HTTPS, and internal links (e.g. the link to minetest.net in downloads.html) should have the front stripped.

(Edited by sfan5 2015-01-04: The serverlist now supports HTTPS)

PilzAdam avatar Nov 07 '15 11:11 PilzAdam

I personally would say, that we link external sites explicitly with HTTPS, and internal links (e.g. the link to minetest.net in downloads.html) should have the front stripped.

:+1:

est31 avatar Nov 07 '15 12:11 est31

brew.sh is missing from the list, but anyway, its github.io via a direct CNAME redirect, so https is broken for it.

est31 avatar Dec 04 '15 09:12 est31

Let's Encrypt is in public beta so you can (already) get certs for all your subdomains...

rugk avatar Jan 11 '16 19:01 rugk

And BTW: You may improve your SSL/TLS config: https://www.ssllabs.com/ssltest/analyze.html?d=forum.minetest.net

rugk avatar Jan 11 '16 21:01 rugk

In fact, Let's encrypt is already in use: https://crt.sh/?CN=%25.minetest.net&iCAID=7395

est31 avatar Jan 11 '16 22:01 est31

Okay, but there are still domains without HTTPS.Most notably the main domain (minetest.net).

rugk avatar Jan 11 '16 22:01 rugk