Comments (8)
Should be working now. HSTS redirecting http -> https.
from flatpak.github.io.
Please use HTTPS. It is really basic and in this case even security-critical, as on http://flatpak.org/apps.html there are links to executables. The links themselves are HTTPS, that's fine, but as the links are embedded on an HTTP website, any (MITM) attacker can modify them to point somewhere else.
And these *.flatpakref files are critical as they include the GPG key to sign the updates and the URLs to the website where updates are downloaded. So HTTPS here is not only "nice to have", it is essential for the whole security of these flatpaks, as the downloaded *.flatpakref files are the first point where the "security chain" starts, and currently it is incomplete. Without HTTPS on this site all your flatpak applications can be MITM-attacked and arbitrary code can be executed. (hopefully only in the flatpaks themselves, but anyway)
from flatpak.github.io.
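The trust-chain concern raised in the comment above, as an added example that is not part of the original thread or Flatpak's own code: a check a downloader could run on a fetched `.flatpakref` before installing it. The function name, the `example.org` URLs, the sample file and the pinned-digest parameter are assumptions made for illustration; the key bytes are constructed placeholders.

```python
import base64
import configparser
import hashlib
from urllib.parse import urlsplit

# Constructed sample: the key material is placeholder bytes, not a real GPG key.
SAMPLE_KEY = base64.b64encode(b"constructed placeholder key bytes").decode()
SAMPLE_REF = f"""[Flatpak Ref]
Name=org.example.App
Branch=stable
Url=https://dl.example.org/repo/
RuntimeRepo=http://dl.example.org/runtime.flatpakrepo
GPGKey={SAMPLE_KEY}
"""


def audit_flatpakref(text, page_url, pinned_sha256=None):
    """Return a list of findings for a .flatpakref linked from page_url."""
    findings = []
    # A plain-HTTP page can have its links rewritten in transit,
    # even when the links themselves point at HTTPS URLs.
    if urlsplit(page_url).scheme != "https":
        findings.append("linking page not served over HTTPS")
    parser = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    parser.optionxform = str  # keep key names case-sensitive
    try:
        parser.read_string(text)
        ref = parser["Flatpak Ref"]
    except (configparser.Error, KeyError):
        return findings + ["not a parseable flatpakref"]
    # The repository URLs decide where updates are fetched from.
    for key in ("Url", "RuntimeRepo"):
        value = ref.get(key)
        if value and urlsplit(value).scheme != "https":
            findings.append(f"{key} is not HTTPS: {value}")
    # The embedded key is only trustworthy if it matches a digest
    # obtained out of band (hypothetical pinned_sha256 parameter).
    try:
        key_bytes = base64.b64decode(ref.get("GPGKey", ""), validate=True)
    except ValueError:
        key_bytes = b""
    if not key_bytes:
        findings.append("GPGKey missing or not valid base64")
    elif pinned_sha256 is None:
        findings.append("no pinned key digest to compare against")
    elif hashlib.sha256(key_bytes).hexdigest() != pinned_sha256:
        findings.append("GPGKey differs from pinned digest")
    return findings
```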
We're using github project pages with a custom domain, and this doesn't currently allow https.
Are you sure this cannot be fixed? I think it is important for a project such as Flatpak to be secure on all fronts. I generally do not download from http-only sites.
from flatpak.github.io.
Stop using Github Pages if it won't support HTTPS. Setting up a simple nginx webserver for a static site takes less than an hour if you're at all competent.
from flatpak.github.io.
Bump. This is a critical security issue.
from flatpak.github.io.
We're using github project pages with a custom domain, and this doesn't currently allow https.
from flatpak.github.io.
According to some comments on isaacs/github#156 it might be possible to use Cloudflare to make this happen.
from flatpak.github.io.
More info here: https://blog.cloudflare.com/secure-and-fast-github-pages-with-cloudflare/
from flatpak.github.io.