This repository has been archived by the owner on Sep 17, 2019. It is now read-only.
Warn users when logging into admin portal over http #450
Labels
Milestone
Comments
|
Hi @rorosaurus, This is not really a problem because every exchanges with your repository are made with the GitHub API through https: https://github.com/anthonny/github/blob/master/github.js#L33 But i understand that it is a bit confusing. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
It looks like hubpress exchanges tokens/hashed tokens with Github for auth, so at least the password isn't directly exposed. But it's still a concern that the traffic could be intercepted (and token reused) without https, right?
This is a problem for sites which use custom domains, since Github currently doesn't support https in these scenarios.
Would it be worth showing a small warning on the page to warn the user of this concern?
The text was updated successfully, but these errors were encountered: