#1772: Password reset link is not https
---------------------------+-------------------
Reporter: wildintellect | Owner: sac@…
Type: task | Status: new
Priority: major | Milestone:
Component: Systems Admin | Keywords:
---------------------------+-------------------
Password reset links emailed to users need to be https only.
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/1772>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.
#1772: Password reset link is not https
---------------------------+---------------------
Reporter: wildintellect | Owner: sac@…
Type: task | Status: closed
Priority: major | Milestone:
Component: Systems Admin | Resolution: fixed
Keywords: |
---------------------------+---------------------
Changes (by strk):
* status: new => closed
* resolution: => fixed
Comment:
The password reset link in the mail is currently http or https depending
on the scheme used to request the reset link. Basically the script sends a
link to self (SCRIPT_URI).
I've now forced the reset link to be https no matter access schema
See commit e2bfe459f38fafb594194e5546f57a7963ea1849 in the cgi-bin dir.
It would be a good idea, in general, to redirect http to https for the
userid related scripts at the Apache level.
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/1772#comment:1>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.