#258 new
Walter McGinnis

Force HTTPS not enforced for private file access such as images or documents

Reported by Walter McGinnis | March 11th, 2010 @ 12:01 PM

Though in practice when the Force HTTPS links to uploaded files from detail pages using HTTPS rather than HTTP, it is possible with URL surgery to access a private file just over HTTP.

The enforcement of a redirect to https that works when viewing a private version's detail page should be carried over to file downloads, too.

No comments found

Please Sign in or create a free account to add a new ticket.

With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.

New-ticket Create new ticket

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile ยป

Kete was developed by Horowhenua Library Trust and Katipo Communications Ltd. to build a digital library of Horowhenua material.

People watching this ticket

Referenced by