Contrib.social

Using http protocol is insecure. Use https instead

Open on Drupal.org β†’
Created on 17 July 2023, 12 months ago
Updated 25 October 2023, 8 months ago

In admin_menu/admin_menu.inc line 469 there are a http url instead of https, and sonarqube alerts me in the recurity review:
"Using http protocol is insecure. Use https instead"

πŸ› Bug report
Status

RTBC

Version

3.0

Component

Code

Created by

πŸ‡ͺπŸ‡ΈSpain Carlitus

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

  • Issue created by @Carlitus
  • @carlitus opened merge request.
  • Status changed to Needs review 12 months ago
  • Comment 12 months ago β†’
    πŸ‡ͺπŸ‡ΈSpain Carlitus
  • Status changed to RTBC 8 months ago
  • Comment 8 months ago β†’
    rbruch

    While I didn't actually install the patch/MR, from looking at it, it's clear that all it does is change HTTP to HTTPS in the generated drupal.org links. I did verify that the HTTPS version of the links work, so I'm going to mark this as RTBC.

    Note: Anticipating the "why bother" response... As browsers get more strict about wanting to always use HTTPS, and also increasing strictness with cross-origin links (HTTP and HTTPS versions of a link are considered different origins) it should be standard to use HTTPS everywhere (or at least everywhere it's possible). It's a small change, easy to apply, with no bad side effects that I can think of. Please consider applying it to the next release.

contrib.social Blog FAQ Discussions
Production build 0.69.0 2024