HTTP(retentiou)S #10
Comments
ghost
assigned 
|
Who's going to pay for our ssl keys? |
|
how much do they cost? |
|
oh I see, like 30-50 bucks. I don't think that's worth it. we should indicate that we accept pull requests in the form of straight cash that we could use to buy something like that. But I don't want to deal with it. Maybe we know someone at heroku who could help??? |
|
perhaps we should suggest that the paranoid user use tor+tails on a new (non-commercial, free software only) computer and burn the computer immediately after use (e-waste facilities are too slow) |
|
Personally I don't see a strong reason to use HTTPS here... ...but I'd be happy to contribute some money if someone else wants to buy a cert. |
|
You don't need money for this, startssl free is, well, free |
|
I notice that while there is TLS support enabled on
I’ve seen plenty of people use |
|
@grapegravity that is totally a Heroku thing (or maybe a cloudflare thing?), I never even tried to get HTTPS set up. I've actually been thinking about moving the site off of Heroku anyway since they're breaking the free tier, I'll look into this whenever I get around to that. |
|
Let's Encrypt will solve this pretty cleanly, though I'm not sure how you would deploy it on Heroku. (The project has really focused on sysadmins for the first version, just to get a client out there. It is very user friendly if you don't mind the CLI, however.) If you don't want to wait, StartSSL is totally valid and a good way to get it sooner rather than later. EDIT: I noticed that the site is sitting behind CloudFlare, so it should be a one click setup of SSL since they provide it for free. |
|
are there any browsers the ssl cert doesn't work in? could you redirect http to https? most links to pronoun.is that i see are http, and https is kinda pointless if nobody is using it; people will mostly just be copying the link out of their address bar even the link at the bottom of every page explicitly links to http, which seems… unnecessary |
|
I don't think we're going to do this any time soon |
|
you're already serving the site over https, all that's left to do is set up a redirect and make the internal links either relative or explicitly https. i… don't understand why you wouldn't want to take those last tiny steps |
|
Could this be reconsidered? Letsencrypt offers free certificates nowadays and I think it can be automated on heroku. Please include "www." and "my." in the certificate and fix #42 |
nobody in SF will ever look me in the eye again if we serve this this shit over raw http. I truly do not give a fuck but y'know. Support paranoid users using HTTPNowhere, etc.
The text was updated successfully, but these errors were encountered: