Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SSL #10

Open
nickstenning opened this issue Mar 30, 2012 · 2 comments
Open

SSL #10

nickstenning opened this issue Mar 30, 2012 · 2 comments

Comments

@nickstenning
Copy link
Member

At least the login/signup pages, and more likely the whole website, should be secured with SSL.

It's likely that it's possible to do this even for the API without introducing any breakage, because browsers are obliged to follow redirects on XHR requests transparently. I've had issues with this with CORS, in the past, so it may be that only the token generator endpoint can be secured.
@rufuspollock
Copy link
Contributor

Big +1.

@tilgovi tilgovi mentioned this issue May 20, 2016
Closed
@melat0nin
Copy link

Yep it's a serious problem now that TLS is proliferating much quicker thanks to initiatives like letsencrypt.

For my part I implemented a local sqlite store using ikr/annotator-store-lite and it works well, and it's the same server so of course TLS isn't an issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@nickstenning @rufuspollock @melat0nin