Loading...
  OR  Zero-K Name:    Password:   

HTTPS version of zero-k.info isn't default?

7 posts, 382 views
Post comment
Filter:    Player:  
sort
11 months ago
So I just found out that this website supports HTTPS (https://zero-k.info/) and has for years. Why is it that putting zero-k.info in the browser bar automatically directs to the outdated HTTP version and not the HTTPS version?
+1 / -0

11 months ago
For me it https
+1 / -0

11 months ago
Good observation.

There is no redirect if just browsing to zero-k.info and the in game client links to forum and main site are http.

From the lobby, clicking on a user and selecting user page sends to the user's page via https however, so not all in client links are http.
+2 / -0
It`s like this for years now.
+1 / -0

11 months ago
USrankyanom

What would been the benefits of HTTPs here? Are you afraid someone middleattacks your elo? :-P
+0 / -0
11 months ago
The problem is the login form. The login/password will be sent in clear. If people use the same password for multiple services (yes, they shouldn't but...) you got another way to leak the password.

Not sure there is a reason for also having the http only, but without such reason (like old thing that access site and does not know https), having http redirect to https would be very good.
+3 / -0
11 months ago
Ok, based on https://github.com/ZeroK-RTS/Chobby/commit/5b736bc861104bd536789244082f41e1aa34aedd at least on "old thing that access site" was the lobby.
+0 / -0