Confirmation error


#1

Hi all,

Got an error trying to confirm my user, but bypassed it by changing the emailed confirmation URL to https.
This should probably be fixed, if only to prevent new users from sending their passwords in the clear…

Also, frist p0st! :smiley:


#2

If anybody can’t reproduce this, it’s because you’ve visited joinmastodon.org before, which uses HSTS and includes this subdomain. I agree the mail URL should use https and you might want to set up HSTS here as well.


#3

It doesn’t seem like I can influence this in any way from the settings.


#4

There should be a “force https” setting under admin > site settings. That ought to fix the email link.


#5

Nope, that’s not there. Mind you, this is a hosted Discourse, not my own, so I might be locked out of some settings…?


#6

just cry for HALP @discourse!


#7

Makes sense, @discourse would probably need to change that setting.


#8

@Gargron can you confirm for me that
your oauth settings inside of patreon and github are pointing to your https
url? Once your confirm that I can force all traffic to be https.


#9

Yes, I can confirm that!


#10

Okay, all http traffic is now being forced to https.