Contrib.social

Using http protocol is insecure. Use https instead

Open on Drupal.org →
Created on 17 July 2023, over 1 year ago
Updated 25 October 2023, about 1 year ago

In admin_menu/admin_menu.inc line 469 there are a http url instead of https, and sonarqube alerts me in the recurity review:
"Using http protocol is insecure. Use https instead"

🐛 Bug report
Status

RTBC

Version

3.0

Component

Code

Created by

🇪🇸Spain Carlitus

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

  • Issue created by @Carlitus
  • @carlitus opened merge request.
  • Status changed to Needs review over 1 year ago
  • Comment over 1 year ago
    🇪🇸Spain Carlitus
  • Status changed to RTBC about 1 year ago
  • Comment about 1 year ago
    rbruch

    While I didn't actually install the patch/MR, from looking at it, it's clear that all it does is change HTTP to HTTPS in the generated drupal.org links. I did verify that the HTTPS version of the links work, so I'm going to mark this as RTBC.

    Note: Anticipating the "why bother" response... As browsers get more strict about wanting to always use HTTPS, and also increasing strictness with cross-origin links (HTTP and HTTPS versions of a link are considered different origins) it should be standard to use HTTPS everywhere (or at least everywhere it's possible). It's a small change, easy to apply, with no bad side effects that I can think of. Please consider applying it to the next release.

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024