|
| From: | Bob Proulx |
| Subject: | [savannah-help-public] [sr #109454] Private bugs fail on HTTP e-mail link, not redirected to HTTPS |
| Date: | Thu, 25 Jan 2018 16:32:59 -0500 (EST) |
| User-agent: | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 |
Follow-up Comment #1, sr #109454 (project administration):
There is an open TODO item to switch the email links from http to https. It
will get done eventually.
That you submitted a bug to a project that has marked it as a private item is
unrelated to whether the link is http or https. Either will say the item is a
private item. Both say that for me for that link for example. Since that
project has made their tickets private.
However if you are logged into the site and have permission to view the ticket
then your cookie is a secure cookie and will only be sent to https which will
give you permission but not to http and therefore you won't be logged in on
http and won't have permission. It is somewhat of a subtle thing but not the
primary issue but just a cascade behind it.
Personally I much prefer email to savannah-hackers-public AT gnu.org or
savannah-hackers-private AT gnu.org for security issues or other discussion.
I find email much easier to deal with. It's a personal preference.
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/support/?109454>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
| [Prev in Thread] | Current Thread | [Next in Thread] |