HTTPS only for users.rust-lang.org

I would like to propose redirecting cleartext connections to users.rust-lang.org to HTTPS. GitHub sign-in doesn't work over the cleartext connection, which can be confusing to folks who haven't run into the problem before. Additionally, for a user who is already logged in, navigating to users.rust-lang.org will give you the HTTP cleartext site by default, and you will not be signed in on that site.

Is there a good reason for keeping the non-HTTPS version of this site? From what I've seen, it causes problems with auth for no real benefit.

10 Likes

Agreed. Every website should use HTTPS + HSTS, period.

1 Like

Hey! Seems like somebody updated the site, and regular HTTP connections redirect to HTTPS now.

Thank you!

1 Like

There's still no HSTS, and I keep seeming to flap between HTTP and HTTPS, which is very annoying. Do we need to do something on our side, @codinghorror?

Ah, I'm not even an admin on this, only internals.

There was no config setup to enable HTTPS on users.rust-lang, only internals. I've ticked the boxes to make this site HTTPS-all-the-way also, and there are now redirects and HSTS headers.

4 Likes

Thanks for doing that!
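
Added example, not part of any post in this thread: an offline check that separates the two states discussed above, "redirects to HTTPS but no HSTS" and "redirects plus HSTS". The function names, the captured responses and the `max-age` value are constructed for illustration and are not the site's real headers.

```python
from urllib.parse import urlsplit

def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797); None if invalid."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        name = name.strip().lower()        # directive names are case-insensitive
        if name in directives:             # a repeated directive voids the header
            return None
        directives[name] = arg.strip().strip('"')
    age = directives.get("max-age", "")
    if not (age.isascii() and age.isdigit()):
        return None                        # max-age is mandatory
    return {"max_age": int(age),
            "include_subdomains": "includesubdomains" in directives}

def audit(host, http_resp, https_resp):
    """Each response is (status, headers). Returns a list of findings."""
    findings = []
    status, headers = http_resp
    headers = {k.lower(): v for k, v in headers.items()}
    target = urlsplit(headers.get("location", ""))
    if (status not in (301, 302, 307, 308) or target.scheme != "https"
            or target.hostname != host):
        findings.append("http does not redirect to https on the same host")
    if "strict-transport-security" in headers:
        findings.append("HSTS sent over http is ignored by browsers")
    _, headers = https_resp
    headers = {k.lower(): v for k, v in headers.items()}
    policy = parse_hsts(headers.get("strict-transport-security", ""))
    if policy is None or policy["max_age"] == 0:   # max-age=0 clears the policy
        findings.append("no effective HSTS policy on https")
    return findings

# Constructed sample responses (not captured from the real site).
HOST = "users.rust-lang.org"
REDIRECT = (301, {"Location": "https://users.rust-lang.org/"})
HTTPS_NO_HSTS = (200, {"Content-Type": "text/html"})
HTTPS_WITH_HSTS = (200, {"Strict-Transport-Security": "max-age=31536000"})

if __name__ == "__main__":
    print(audit(HOST, REDIRECT, HTTPS_NO_HSTS))    # redirect only
    print(audit(HOST, REDIRECT, HTTPS_WITH_HSTS))  # redirect plus HSTS
```

With only the redirect in place, every visit that starts from a bare hostname or an old `http://` link still makes one cleartext request first; the HSTS policy is what lets the browser skip that request on later visits.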