Sidejack Prevention Phase 2: SSL Everywhere
Last Tuesday, we rolled out a secure cookies for all SSL-protected pages. This meant that all private repositories, user dashboards, all admin settings (even for free users and repositories) were…
Last Tuesday, we rolled out a secure cookies for all SSL-protected pages. This meant that all private repositories, user dashboards, all admin settings (even for free users and repositories) were protected against sidejacking attempts. However, any user actions on gists and public repositories (such as issues, wikis, downloads) were still vulnerable.
Last night, we rolled out the next phase from our latest security audit: SSL everywhere. Every hit to the website, whether you’re logged in or not, is over HTTPS with a secure cookie.
This is a big step, but we’re still seeing some resources being served directly from other sites and giving SSL warnings. We’re going to address this issue next. In the meantime your browsers might give warnings that look like this.
Our next step will be to fix these insecure assets that you might see in commit and issue comments. We’re hoping to have the remaining issues fixed over the next few days.
Written by
Related posts
![](https://github.blog/wp-content/uploads/2023/09/screencapture-innovationgraph-github-2023-09-20-15_44_54-1.png?resize=400%2C212)
How researchers are using GitHub Innovation Graph data to estimate the impact of ChatGPT
An interview with economic researchers who are applying causal inference techniques to analyze the effect of generative AI tools on software development activity.
![](https://github.blog/wp-content/uploads/2024/01/Enterprise-DarkMode-1.png?resize=400%2C212)
GitHub Availability Report: June 2024
In June, we experienced two incidents that resulted in degraded performance across GitHub services.
![](https://github.blog/wp-content/uploads/2024/06/AI-DarkMode-4.png?resize=400%2C212)
Advancing responsible practices for open source AI
Outcomes from the Partnership on AI and GitHub workshop.