Use HTTPS links in documentation and comments #5163
Labels
Comments
|
Thanks for pointing out this issue. We will include it in our planning for improvements to the documentation. If you would like to help more directly, we would be happy to review pull requests that update links. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
It appears there are quite a few
http://links in the documentation and code comments of this project despite the target websites supporting HTTPS (sometimes HTTPS has to be explicitly requested because the website does not upgrade connections on its own).A quick search for
http:yielded about 4000 findings, however I assume a lot are false positives (e.g. because they are part of an XML namespace declaration) and some target sites might not support HTTPS, or are not properly configured (outdated certificate, wrong domain name).However, for the websites which do support HTTPS it would be good to update the links. Otherwise for
http://links the browser will first send an unencrypted HTTP request which an attacker in the same network is able to see and for which they can spoof a response.Slightly related: #4379
The text was updated successfully, but these errors were encountered: