> On Wed, Aug 19, 2009 at 9:07 AM, divesnob<mdarl...@gmail.com> wrote: >> >> For some reason my reply yesterday didn't make it? >> >> I do realize that you can just change http to https. The problem here >> is that twitter is sending people to http://twitter.com/login . >> >> Here's a screencast describing what I mean. >> >> http://www.screenjelly.com/watch/vSrv36yxa4g >> >> -matt >> >> On Aug 17, 7:02 pm, Abraham Williams <4bra...@gmail.com> wrote: >>> https://twitter.com/login >>> >>> On Mon, Aug 17, 2009 at 18:58, divesnob <mdarl...@gmail.com> wrote: >>> >>> > Curious why you're not POSTing over SSL for /login? >>> >>> > <form class="signin" method="post" action="/sessions"> >>> > <div style="margin: 0pt; padding: 0pt;"> >>> > </div> >>> > <input id="authenticity_token" type="hidden" >>> > value="7a401eeee566e00cff4abe1cba6ed4c70bf52d37" >>> > name="authenticity_token"/> >>> > <fieldset class="common-form standard-form"> >>> > </fieldset> >>> > </form>
On Wed, Aug 19, 2009 at 9:47 AM, Damon Clinkscales<sca...@pobox.com> wrote: > If you look at the form carefully, you'll see this: > > <form method="post" id="signin" action="https://twitter.com/sessions";> ^^^ from http://twitter.com/ ^^^ Although, here: http://twitter.com/login it's just /sessions , without the forced https. Yeah, that does seem like an oversight. -damon
