Enforce use of HTTPS/WSS for online functionality #6
silentsilas
commented
Owner
- Check if the endpoint can connect over HTTP/WS
- If so
- Disable all online functionality
- Disable toggle for online functionality
- Display a warning below the online toggle
- "Online functionality requires the server to upgrade all HTTP requests to HTTPS to prevent MitM attacks.\nHSTS is optional but highly recommended to ensure HTTP requests are never attempted."
- If not, a secure WebSocket connection can (almost) be guaranteed, so enable the toggle
- If so
* Check if the endpoint can connect over HTTP/WS
* If so
* Disable all online functionality
* Disable toggle for online functionality
* Display a warning below the online toggle
* "Online functionality requires the server to upgrade all HTTP requests to HTTPS to prevent MitM attacks.\nHSTS is optional but highly recommended to ensure HTTP requests are never attempted."
* If not, a secure WebSocket connection can (almost) be guaranteed, so enable the toggle
silentsilas
added the enhancement
label
silentsilas
added this to the MVP project
silentsilas
referenced this issue
View who's all currently online #5
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?