Patchwork redirects user to HTTP, exploitable for MitM attack!
When I log in via the secure protocol (https://patchwork.alpinelinux.org/user/login/), it always redirects me to HTTP. This is a serious security vulnerability, because the session cookie is transferred in plain text, so it can be easily stolen using a MitM attack!
We already have a TLS certificate, so why is HTTP even allowed?
(from redmine: issue id 5713, created on 2016-06-12, closed on 2018-12-28)
- Relations:
- parent #5720 (closed)
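
Added example, not part of the original report or of Patchwork's code: a small Python check that audits the response headers of an HTTPS login request for the two conditions described above (a redirect that downgrades to `http://`, and a session cookie issued without the `Secure` attribute), plus a missing HSTS header. The host name, cookie names and header values are constructed sample data, and `audit_response` is a hypothetical helper name.

```python
from http.cookies import SimpleCookie
from urllib.parse import urljoin, urlsplit

# Constructed sample: headers returned for a login POST sent over HTTPS.
SAMPLE_REQUEST_URL = "https://patchwork.example.org/user/login/"
SAMPLE_HEADERS = [
    ("Location", "http://patchwork.example.org/user/"),
    ("Set-Cookie", "sessionid=CONSTRUCTEDVALUE; HttpOnly; Path=/"),
    ("Set-Cookie", "csrftoken=CONSTRUCTEDVALUE; Path=/; Secure"),
]


def audit_response(request_url, headers):
    """Return findings for one response to a request made over HTTPS."""
    if urlsplit(request_url).scheme != "https":
        return ["request itself was not made over HTTPS"]
    findings = []
    seen = {name.lower() for name, _ in headers}
    for name, value in headers:
        lname = name.lower()
        if lname == "location":
            # Resolve relative and protocol-relative targets against the request.
            target = urljoin(request_url, value)
            if urlsplit(target).scheme == "http":
                findings.append(f"redirect downgrades to plaintext: {target}")
        elif lname == "set-cookie":
            cookie = SimpleCookie()
            cookie.load(value)
            for morsel in cookie.values():
                # Without Secure, the browser also sends the cookie over HTTP.
                if not morsel["secure"]:
                    findings.append(f"cookie '{morsel.key}' lacks Secure attribute")
    if "strict-transport-security" not in seen:
        findings.append("no Strict-Transport-Security header")
    return findings


if __name__ == "__main__":
    for finding in audit_response(SAMPLE_REQUEST_URL, SAMPLE_HEADERS):
        print(finding)
```
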