Hi Gary, It looks like pidgin.im doesn't have the HSTS (Strict-Transport-Security) headers when serving over HTTP, so that anyone who hasn't gone to the HTTPS site before won't get redirected.
That said, it's not much of a big deal since most of the website, other than the developer.pidgin.im site has any secure information, so I'd see this as a fairly low priority. Cheers, Eion On 20 November 2017 at 11:31, Michael Secord <gizmokid2...@gmail.com> wrote: > Eion, > > pidgin.im actually isn't. It doesn't auto-redirect and serves validly > over http. Also, the only 2 navbar links that switch you to https are > plugins and development. > > -Michael > > On Sun, Nov 19, 2017 at 2:29 PM, Eion Robb <e...@robbmob.com> wrote: > >> Hi there, >> >> It already is HTTPS-only (with HSTS headers to require such). Which >> website are you looking at that isn't HTTPS? >> >> Cheers, >> Eion >> >> On 20 November 2017 at 10:46, E.M. <e...@mailbox.org> wrote: >> >>> Hello, >>> >>> I'd like to suggest to encrypt your website with HTTPS. >>> >>> Let's Encrypt offers certificates for free. >>> >>> >>> Kind regards >>> >>> _______________________________________________ >>> Support@pidgin.im mailing list >>> Want to unsubscribe? Use this link: >>> https://pidgin.im/cgi-bin/mailman/listinfo/support >>> >> >> >> _______________________________________________ >> Support@pidgin.im mailing list >> Want to unsubscribe? Use this link: >> https://pidgin.im/cgi-bin/mailman/listinfo/support >> > >
_______________________________________________ Support@pidgin.im mailing list Want to unsubscribe? Use this link: https://pidgin.im/cgi-bin/mailman/listinfo/support
