= bug description =
I just noticed that jenkins.fedorainfracloud.org/ runs over http, even though switching manually to https works. The bad news is that for some reason, some of the internal links are hardcoded to use http even when the https versions do work. I'm not sure all the links work this way though.
I'm not sure what's up, but I would highly recommend fixing this if possible. I'm hoping it's just an oversight as opposed to some critical issue. Not sure if using over http is causing me to leak any secret data, auth tokens, etc...
= bug analysis =
= fix recommendation =
switch to https only.
I'm unsure if jenkins can talk https natively or if we would need to setup some kind of proxy.
In any case there's no sensitive data, all auth is via fedora ipsilon/openid.
Adding mizdebsk here for comment...
jenkins now uses https (with a letsencrypt cert)
@kevin changed the status to Closed
to comment on this ticket.