sureshanaparti commented on PR #12078: URL: https://github.com/apache/cloudstack/pull/12078#issuecomment-3626490877
> > Hi @sureshanaparti
> > As discussed please add http before the domain or management IP to make sure the link is clickable
> > Please check the screenshot
> > with domainurl
>
> dear @kiranchavala and @sureshanaparti ,
>
> I appreciated the checks for the presence of `http://` or `https://`, as well as the logic to apply a default when neither is provided. My recommendation would be to always default to `https://` and require users to manually choose a less secure option if they really need it.
>
> This mindset should be applied universally, as users tend to accept whatever the default is. Beyond the general risk of “rogue Wi-Fi” exposing password-reset links, browsers are increasingly moving toward HTTPS-first behavior, and email filters/inspection systems are becoming more suspicious of plain-text HTTP URLs.
>
> Please understand this as purely constructive feedback.

@davift thanks for the feedback. Previously the password reset link was defaulted to `http://`, so I've considered the same. Now, I updated the scheme based on the _https.enabled_ flag in the server.properties file in the management server (as SSL is enabled when it is set - https://docs.cloudstack.apache.org/en/4.22.0.0/installguide/optional_installation.html#ssl-optional).
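
The scheme handling discussed in this thread, as an added sketch that is not CloudStack's code and not part of the comment above: an explicit `http://` or `https://` prefix is kept, and a bare host gets its scheme from `https.enabled`. The class and method names, the fallback to `https` when the flag is absent, the dropping of any path, and the sample hosts are assumptions made for illustration.

```java
import java.io.StringReader;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Properties;

// Added illustration; hypothetical helper, not CloudStack code.
public class ResetLinkBase {

    // Scheme applied when the configured value has none. Assumption: https
    // unless the operator explicitly wrote https.enabled=false.
    static String defaultScheme(Properties serverProps) {
        String flag = serverProps.getProperty("https.enabled", "").trim();
        return flag.equalsIgnoreCase("false") ? "http" : "https";
    }

    // Returns "scheme://host[:port]" or throws if the value is not a plain
    // http(s) origin. Any path, query or fragment is dropped.
    static String normalize(String configured, Properties serverProps) {
        String value = configured == null ? "" : configured.trim();
        if (value.isEmpty()) {
            throw new IllegalArgumentException("domain URL is empty");
        }
        if (!value.contains("://")) {
            value = defaultScheme(serverProps) + "://" + value;
        }
        URI uri;
        try {
            uri = new URI(value);
        } catch (URISyntaxException e) {
            throw new IllegalArgumentException("not a valid URL: " + configured, e);
        }
        String scheme = String.valueOf(uri.getScheme()).toLowerCase(Locale.ROOT);
        if (!scheme.equals("http") && !scheme.equals("https")) {
            throw new IllegalArgumentException("scheme not allowed: " + scheme);
        }
        if (uri.getHost() == null || uri.getUserInfo() != null) {
            throw new IllegalArgumentException("no plain host in: " + configured);
        }
        return scheme + "://" + uri.getHost() + (uri.getPort() == -1 ? "" : ":" + uri.getPort());
    }

    public static void main(String[] args) throws Exception {
        Properties props = new Properties();
        props.load(new StringReader("https.enabled=true\n")); // constructed sample
        for (String v : new String[] {"cloud.example.com", "10.0.0.5:8080", "HTTP://cloud.example.com/"}) {
            System.out.println(v + " -> " + normalize(v, props));
        }
    }
}
```

Rejecting anything that is not a plain `http`/`https` origin keeps a mistyped or hostile setting value from ending up in the e-mailed link.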
