
Redirect for the GitHub Authorization should use HTTPS rather than HTTP in production

Open goneall opened this issue 4 years ago • 2 comments

I'm not sure if this is a security vulnerability, but the redirect probably should use HTTP rather than HTTPS.

Just changing it to HTTPS will likely mess up those running the spdx-online-tools in test environments or local development environments.

Perhaps the System configuration debug could be checked and the appropriate redirect made.

NOTE: the GitHub Auth configurations need to be updated to HTTPS as well as the code once this goes into production.

goneall avatar Nov 20 '20 01:11 goneall

@goneall Which code needs to be updated? I think only the GitHub configuration needs to be changed.

rtgdk avatar Nov 23 '20 17:11 rtgdk

@rtgdk I'm not sure where the code is that needs to be updated, but there is a call to the GitHub APIs where a URL is passed as a parameter for the authentication callback. That code should be changed from http:// to https://.

goneall avatar Nov 23 '20 21:11 goneall
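
One way to implement the debug-dependent redirect proposed in the issue, as an added sketch rather than code from spdx-online-tools: the function names, callback path, hosts and client ID are hypothetical. `check_registered_callback` addresses the NOTE about keeping the GitHub OAuth app configuration in step with the code.

```python
import secrets
from typing import List, Optional
from urllib.parse import urlencode, urlsplit

GITHUB_AUTHORIZE = "https://github.com/login/oauth/authorize"
CALLBACK_PATH = "/oauth/complete/github/"  # constructed path, not the project's


def callback_url(host: str, debug: bool) -> str:
    """redirect_uri the app will send: http only when debug is on."""
    scheme = "http" if debug else "https"
    return f"{scheme}://{host}{CALLBACK_PATH}"


def authorize_url(client_id: str, host: str, debug: bool,
                  state: Optional[str] = None) -> str:
    """GitHub authorization URL carrying the mode-dependent redirect_uri."""
    params = {
        "client_id": client_id,
        "redirect_uri": callback_url(host, debug),
        "state": state or secrets.token_urlsafe(16),  # CSRF token for the flow
    }
    return f"{GITHUB_AUTHORIZE}?{urlencode(params)}"


def check_registered_callback(registered: str, host: str, debug: bool) -> List[str]:
    """Compare the callback registered with GitHub against what the code sends."""
    problems = []
    reg, sent = urlsplit(registered), urlsplit(callback_url(host, debug))
    if not debug and reg.scheme != "https":
        problems.append("production callback registered without HTTPS")
    if reg.scheme != sent.scheme:
        problems.append(
            f"scheme mismatch: registered {reg.scheme}, code sends {sent.scheme}")
    if reg.netloc.lower() != sent.netloc.lower():
        problems.append(
            f"host mismatch: registered {reg.netloc}, code sends {sent.netloc}")
    return problems


if __name__ == "__main__":
    # Constructed values: a production host whose OAuth app still lists http://
    print(authorize_url("PLACEHOLDER_CLIENT_ID", "tools.example.org", debug=False))
    for p in check_registered_callback(
            "http://tools.example.org/oauth/complete/github/",
            "tools.example.org", debug=False):
        print("config problem:", p)
```

Running the check at deploy time catches the case where the code has moved to HTTPS but the registered callback has not, or the reverse.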