action #66610
Updated by okurz almost 4 years ago
~~The The OpenID login does not work with plain HTTP anymore~~ openID login can fail on https enabled openQA instances anymore so at least the `/login` route should redirect to HTTPS . HTTPS. Besides, without HTTPS the session is likely not secure at all (e.g. a man in the middle could inject JavaScript and for instance do arbitrary AJAX calls to openQA's API). ### notes Take care that the workers can still connect. I'm not sure whether they will use HTTPS automatically so it might be required to use `HOST = http://...` in `workers.ini` (at least if enforcing SSL for everything and not just the `/login` route).