
Comments (8)

ramcq commented on July 27, 2024 4

Should be working now. HSTS redirecting http -> https.

from flatpak.github.io.

rugk commented on July 27, 2024 3

Please use HTTPS. It is really basic and in this case even security-critical, as on http://flatpak.org/apps.html there are links to executables. The links themselves are HTTPS, that's fine, but as the links are embedded on an HTTP website, any (MITM) attacker can modify them to point somewhere else.

And these *.flatpakref files are critical as they include the GPG key to sign the updates and the URLs to the website where updates are downloaded. So HTTPS here is not only "nice to have", it is essential for the whole security of these flatpaks, as the downloaded *.flatpakref files are the first point where the "security chain" starts, and currently it is incomplete. Without HTTPS on this site all your flatpak applications can be MITM-attacked and arbitrary code can be executed. (hopefully only in the flatpaks themselves, but anyway)

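An added illustration of the trust chain described in the comment above (not code from this thread or from the Flatpak project): a Python check that flags a `.flatpakref` whose link came from a non-HTTPS page, whose repository URLs are not HTTPS, or whose embedded key differs from a digest obtained out of band. The sample file, the `audit_flatpakref` helper and the SHA-256 pin are assumptions made for the example.

```python
import base64
import configparser
import hashlib
from urllib.parse import urlsplit

# Constructed sample; the key material is placeholder bytes, not a real key.
SAMPLE_KEY_BYTES = b"constructed placeholder key bytes"
SAMPLE_REF = (
    "[Flatpak Ref]\n"
    "Name=org.example.App\n"
    "Branch=stable\n"
    "Url=https://repo.example.org/repo/\n"
    "RuntimeRepo=http://repo.example.org/runtime.flatpakrepo\n"
    "GPGKey=" + base64.b64encode(SAMPLE_KEY_BYTES).decode() + "\n"
)


def is_https(url):
    return urlsplit(url).scheme.lower() == "https"


def audit_flatpakref(text, link_page_url, pinned_key_sha256=None):
    """Return findings for a .flatpakref whose link was found on link_page_url."""
    findings = []
    if not is_https(link_page_url):
        findings.append("link found on a non-HTTPS page: its target is unauthenticated")
    parser = configparser.ConfigParser(interpolation=None)
    parser.optionxform = str  # keep key case (Url, GPGKey)
    try:
        parser.read_string(text)
        ref = parser["Flatpak Ref"]
    except (configparser.Error, KeyError):
        return findings + ["not a parseable [Flatpak Ref] file"]
    for key in ("Url", "RuntimeRepo"):
        if key in ref and not is_https(ref[key]):
            findings.append(f"{key} is not HTTPS: {ref[key]}")
    try:
        blob = base64.b64decode(ref["GPGKey"], validate=True)
    except KeyError:
        return findings + ["no GPGKey entry"]
    except ValueError:
        return findings + ["GPGKey is not valid base64"]
    # Assumption: the pin is SHA-256 over the decoded key blob, obtained out
    # of band; it is not the OpenPGP fingerprint gpg would display.
    digest = hashlib.sha256(blob).hexdigest()
    if pinned_key_sha256 and digest != pinned_key_sha256.lower():
        findings.append("GPGKey differs from the pinned key digest")
    return findings
```
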

baimafeima commented on July 27, 2024 1

> We're using github project pages with a custom domain, and this doesn't currently allow https.

Are you sure this cannot be fixed? I think it is important for a project such as Flatpak to be secure on all fronts. I generally do not download from http-only sites.


tidux commented on July 27, 2024 1

Stop using Github Pages if it won't support HTTPS. Setting up a simple nginx webserver for a static site takes less than an hour if you're at all competent.


genodeftest commented on July 27, 2024 1

Bump. This is a critical security issue.


alexlarsson commented on July 27, 2024

We're using github project pages with a custom domain, and this doesn't currently allow https.


mwleeds commented on July 27, 2024

According to some comments on isaacs/github#156 it might be possible to use Cloudflare to make this happen.


mwleeds commented on July 27, 2024

More info here: https://blog.cloudflare.com/secure-and-fast-github-pages-with-cloudflare/
