Https only for


I would like to propose redirecting cleartext connections to to https. GitHub sign-in doesn’t work over the clear text connection which can be confusing to folks who haven’t run into the problem before. Additionally, for a user who is already logged in, navigating to will give you the http cleartext site by default, and you will not be signed in on that site.

Is there a good reason for keeping the non https version of this site? From what I’ve seen, it causes problems with auth for no real benefit.


Agreed. Every website should use HTTPS + HSTS, period.


Hey! Seems like somebody updated the site, and regular http connections redirect to https now.

Thank you!


There’s still no HSTS, and I keep seeming to flap between HTTP and HTTPS, which is very annoying. Do we need to do something on our side, @codinghorror?


Ah, I’m not even an admin on this, only internals.


There was no config setup to enable HTTPS on users.rust-lang, only internals. I’ve ticked the boxes to make this site HTTPS-all-the-way also, and there’s now redirects and HSTS headers.


Thanks for doing that!