-
Notifications
You must be signed in to change notification settings - Fork 3
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use HTTPS for instances that support it #153
Conversation
A far simpler approach would be to add a |
For instances that already redirect to HTTPS, have our ruleset also point to HTTPS, avoiding one extra HTTP->HTTPS redirect. Since this information isn't available from the directory, add it as an optional field to onboarded.txt, which shouldn't be too much extra maintenance given the few instances that use it. Fixes #4.
Now updated to store and pull data from onboarded.txt instead of doing live checking. |
Confirmed that the ruleset changes look consistent with the https option. A new signed ruleset has been added in a separate commit. Final review to follow to verify the rules work in TBB as expected. |
(handing off to @nathandyer for live ruleset checks) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Happy to report everything worked correctly for me in the live tests, and that the Source Interfaces loaded using HTTPS.
Just a note about the test plan, no changes should be necessary in the directory itself.
Status
Ready for review; needs prod signature
Description
For instances that already redirect to HTTPS, have our ruleset also
point to HTTPS, avoiding one extra HTTP->HTTPS redirect.
Since this information isn't available from the directory, add it as an
optional field to onboarded.txt, which shouldn't be too much extra
maintenance given the few instances that use it.
Fixes #4.
Review Checklist
onboarded.txt
are accuratedefault.rulesets.TIMESTAMP.gz
has been updated, extracting that file and inspecting the contents of the JSON file produces the expected rulesPath Prefix
:https://raw.githubusercontent.com/freedomofpress/securedrop-https-everywhere-ruleset/$BRANCH_NAME
index.html
has been updated using./update_index.sh
Post-Deployment Checklist