You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@lucene.apache.org by "Uwe Schindler (Jira)" <ji...@apache.org> on 2020/02/28 22:50:00 UTC
[jira] [Resolved] (LUCENE-9227) Make page ready for pure HTTPS
[ https://issues.apache.org/jira/browse/LUCENE-9227?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Uwe Schindler resolved LUCENE-9227.
-----------------------------------
Resolution: Fixed
I set the issue status to fixed, as all tasks are finally done. Raising max-age of HSTS is a separate task.
> Make page ready for pure HTTPS
> ------------------------------
>
> Key: LUCENE-9227
> URL: https://issues.apache.org/jira/browse/LUCENE-9227
> Project: Lucene - Core
> Issue Type: Sub-task
> Reporter: Uwe Schindler
> Assignee: Uwe Schindler
> Priority: Blocker
>
> The web page can currently be visited using HTTPS but this brings warning:
> - Both search providers create a form that passes USER ENTERED INPUT using no encryption. This is not allowed due to GDPR. We have to fix this asap. It looks like [~otis] search is working with HTTPS (if we change domain name), but the Lucidworks does not
> - There were some CSS files loaded with HTTP (fonts from Google - this was fixed)
> Once those 2 problems are fixed (I grepped for HTTP and still found many links with HTTP, but looks like no images or scripts or css anymore), I'd like to add a permanent redirect http://lucene.apache.org/ -> https://lucene.apache.org to the htaccess template file.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@lucene.apache.org
For additional commands, e-mail: issues-help@lucene.apache.org