Hello,

> On Mar 14, 2017, at 16:34, Leo Famulari <[email protected]> wrote:
>
>> The Savannah login page includes a checkbox that reads "Stay in secure
>> (https) mode after login".
>>
>> [...]So I'm wondering, what does that checkbox do?
> http://lists.gnu.org/archive/html/savannah-hackers-public/2016-10/msg00002.html

Indeed, forcing HTTPS on login-related pages is a recent improvement.
Thanks for taking the time to check the mailing and look for past discussions - much appreciated.

>> While logged in, I manually entered the HTTP URL and was still able to
>> access the administration interface for a group that I administer over
>> the unauthenticated connection.

There is an on-going discussion about forcing HTTPS everywhere on savannah.

Can you provide a specific example of a URL you can access in HTTP, and it allows you to make changes (I don't doubt it's possible, just need a pointer to ease testing).

regards,
- assaf
