Opened 5 years ago

Closed 5 years ago

Last modified 5 years ago

#5128 closed defect (wontfix)

editing with p2 or iD should not switch to a unsecured connection without asking

Reported by: aseerel4c26 Owned by: rails-dev@…
Priority: minor Milestone:
Component: website Version:
Keywords: privacy https Cc:

Description

currently when clicking to edit with p2 or iD it is switched to a unsecure connection without asking. This potentially leaks information which was intended to be protected.

Should be: stay on secure. If that is not possible ask the user what to do.

Change History (2)

comment:1 Changed 5 years ago by Tom Hughes

Resolution: wontfix
Status: newclosed

There's no way I'm going to waste time implementing this when we will get rid of the redirect as soon as the next release of iD happens - the current situation is just a temporary measure for a few weeks.

comment:2 Changed 5 years ago by aseerel4c26

Thanks for your comment, Tom! Okay, fine then. If it would be quick, a simple mitigation would be not to show https links for the edit button links. Then it would be clear (at least the user has a chance) that the editing will not he via https. Currently the shown link is https.

Note: See TracTickets for help on using tickets.