View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0007502 | Taler | wallet-core | public | 2022-11-29 18:27 | 2023-02-14 15:36 |
| Reporter | sebasjm | Assigned To | Florian Dold | ||
| Priority | normal | Severity | feature | Reproducibility | have not tried |
| Status | feedback | Resolution | open | ||
| Product Version | git (master) | ||||
| Target Version | 0.9.6 | ||||
| Summary | 0007502: allowing http only in developer mode | ||||
| Description | as discussed | ||||
| Tags | No tags attached. | ||||
|
|
I don't see any good reasons for that. The security of Taler doesn't rely on HTTPs in the first place. Any good reasons to disallow http outside of developer mode? |
|
|
private communication with the exchange and the merchant by default, should only be disabled by the wallet user under devMode explicitly and with a big warning. some endpoint required sensible information in the url like the hash of the payto or the contract merchant may not want to interact with http-only exchange |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2022-11-29 18:27 | sebasjm | New Issue | |
| 2022-11-29 18:27 | sebasjm | Status | new => assigned |
| 2022-11-29 18:27 | sebasjm | Assigned To | => Florian Dold |
| 2023-01-13 17:07 | Christian Grothoff | Severity | minor => feature |
| 2023-02-11 14:42 | Florian Dold | Status | assigned => feedback |
| 2023-02-11 14:42 | Florian Dold | Note Added: 0019803 | |
| 2023-02-11 14:42 | Florian Dold | Assigned To | Florian Dold => sebasjm |
| 2023-02-13 16:00 | sebasjm | Status | feedback => confirmed |
| 2023-02-13 16:01 | sebasjm | Target Version | 0.9.2 => 0.9.6 |
| 2023-02-14 15:36 | sebasjm | Assigned To | sebasjm => Florian Dold |
| 2023-02-14 15:36 | sebasjm | Status | confirmed => feedback |
| 2023-02-14 15:36 | sebasjm | Note Added: 0019836 | |
| 2023-04-13 20:36 | Florian Dold | Category | wallet (TS core) => wallet-core |
