Skip to content
This repository was archived by the owner on Sep 24, 2025. It is now read-only.

Login, Password Reset, and others need to force HTTPS #311

Open
Open
Login, Password Reset, and others need to force HTTPS#311
Labels
bug
@revgum

Description

@revgum
revgum
opened on Apr 26, 2016

"Forgot Password" email sent to the user includes an HTTP link to reset the password, and the app is not forcing HTTPS. This is a security concern.

Example links that should force HTTPS:
http://oregondigital.org/users/sign_in
http://oregondigital.org/users/password/edit?reset_password_token=blablahblabh

Metadata

Metadata

Assignees

No one assigned

    Labels

    bug

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions