Sidejack Prevention Phase 2: SSL Everywhere
Last Tuesday, we rolled out a secure cookies for all SSL-protected pages. This meant that all private repositories, user dashboards, all admin settings (even for free users and repositories) were…
Last Tuesday, we rolled out a secure cookies for all SSL-protected pages. This meant that all private repositories, user dashboards, all admin settings (even for free users and repositories) were protected against sidejacking attempts. However, any user actions on gists and public repositories (such as issues, wikis, downloads) were still vulnerable.
Last night, we rolled out the next phase from our latest security audit: SSL everywhere. Every hit to the website, whether you’re logged in or not, is over HTTPS with a secure cookie.
This is a big step, but we’re still seeing some resources being served directly from other sites and giving SSL warnings. We’re going to address this issue next. In the meantime your browsers might give warnings that look like this.
Our next step will be to fix these insecure assets that you might see in commit and issue comments. We’re hoping to have the remaining issues fixed over the next few days.
Written by
Related posts
The top 10 gifts for the developer in your life
Whether you’re hunting for the perfect gift for your significant other, the colleague you drew in the office gift exchange, or maybe (just maybe) even for yourself, we’ve got you covered with our top 10 gifts that any developer would love.
Congratulations to the winners of the 2024 Gaady Awards
The Gaady Awards are like the Emmy Awards for the field of digital accessibility. And, just like the Emmys, the Gaadys are a reason to celebrate! On November 21, GitHub was honored to roll out the red carpet for the accessibility community at our San Francisco headquarters.
Students: Start building your skills with the GitHub Foundations certification
The GitHub Foundations Certification exam fee is now waived for all students verified through GitHub Education.