Closed Bug 1047065 Opened 11 years ago Closed 11 years ago

Redirect HTTP requests to HTTPS in all components

Categories

(Taskcluster :: General, defect)

Product:
Taskcluster
Component:
General
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: jonasfj, Assigned: jonasfj)

Details

I just discovered that auth.taskcluster.net didn't want to allow me to login as I used the HTTP end-point instead of the HTTPS. This was the persona login step. This makes me want to redirect all UI requests from HTTP to HTTPS. But is there really any reason not to do this for all requests in all components? I believe we can easily configure taskcluster-base to do this, or simply refuse HTTP connections (which ever is better)? For API requests it's possible that we should forbid all non-https requests.
@lightsofapollo, Is there any reason or considerations we should do before we just jump head first can redirect http to https? Do we have a need for HTTP requests? Clients that don't have HTTPS?
Flags: needinfo?(jlal)
HTTPS always all the time ++
Flags: needinfo?(jlal)
Assignee: nobody → jopsen
Fixed in taskcluster-base and deployed for queue, auth and scheduler.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Component: TaskCluster → General
Product: Testing → Taskcluster
Target Milestone: --- → mozilla41
Version: unspecified → Trunk
Resetting Version and Target Milestone that accidentally got changed...
Target Milestone: mozilla41 → ---
Version: Trunk → unspecified
You need to log in before you can comment on or make changes to this bug.