Https only for users.rust-lang.org


#1

I would like to propose redirecting cleartext connections to users.rust-lang.org to https. GitHub sign-in doesn’t work over the clear text connection which can be confusing to folks who haven’t run into the problem before. Additionally, for a user who is already logged in, navigating to users.rust-lang.org will give you the http cleartext site by default, and you will not be signed in on that site.

Is there a good reason for keeping the non https version of this site? From what I’ve seen, it causes problems with auth for no real benefit.


#2

Agreed. Every website should use HTTPS + HSTS, period.


#3

Hey! Seems like somebody updated the site, and regular http connections redirect to https now.

Thank you!


#4

There’s still no HSTS, and I keep seeming to flap between HTTP and HTTPS, which is very annoying. Do we need to do something on our side, @codinghorror?


#5

Ah, I’m not even an admin on this, only internals.


#6

There was no config setup to enable HTTPS on users.rust-lang, only internals. I’ve ticked the boxes to make this site HTTPS-all-the-way also, and there’s now redirects and HSTS headers.


#7

Thanks for doing that!