Opened 8 years ago
Closed 8 years ago
#1772 closed task (fixed)
Password reset link is not https
| Reported by: | wildintellect | Owned by: | |
|---|---|---|---|
| Priority: | major | Milestone: | |
| Component: | SysAdmin | Keywords: | |
| Cc: | | | |
Description
Password reset links emailed to users need to be https only.
The password reset link in the mail is currently http or https depending on the scheme used to request the reset link. Basically the script sends a link to self (SCRIPT_URI).
I've now forced the reset link to be https no matter the access scheme. See commit e2bfe459f38fafb594194e5546f57a7963ea1849 in the cgi-bin dir.
It would be a good idea, in general, to redirect http to https for the userid related scripts at the Apache level.
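The behaviour described in the comment above, as an added example: it is not the code from the referenced commit, and the ticket does not say what language the script is written in. Python, the function names, the `token` query parameter and the `id.example.org` host are assumptions made for illustration.

```python
from urllib.parse import urlencode, urlsplit, urlunsplit


def reset_link_from_request(environ, token):
    """Behaviour before the fix: link to self, so the scheme follows the request."""
    return environ["SCRIPT_URI"] + "?" + urlencode({"token": token})


def reset_link_https(environ, token):
    """Behaviour after the fix: same host and path, scheme is always https."""
    parts = urlsplit(environ["SCRIPT_URI"])
    host = parts.hostname
    if not host:
        raise ValueError("SCRIPT_URI has no host; refusing to build a reset link")
    if ":" in host:
        # urlsplit strips the brackets from IPv6 literals; restore them
        host = "[" + host + "]"
    # A port taken from a plain-http request (80, 8080, ...) is not an https
    # port, so only keep a non-default port when the request was already https.
    if parts.scheme == "https" and parts.port not in (None, 443):
        netloc = "%s:%d" % (host, parts.port)
    else:
        netloc = host
    query = urlencode({"token": token})
    return urlunsplit(("https", netloc, parts.path, query, ""))


if __name__ == "__main__":
    # Constructed CGI environments, one per request scheme (hypothetical host and path)
    samples = [
        {"SCRIPT_URI": "http://id.example.org/cgi-bin/reset"},
        {"SCRIPT_URI": "http://id.example.org:80/cgi-bin/reset"},
        {"SCRIPT_URI": "https://id.example.org:8443/cgi-bin/reset"},
    ]
    for env in samples:
        print("before:", reset_link_from_request(env, "constructed-token"))
        print("after: ", reset_link_https(env, "constructed-token"))
```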