View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0007502 | Taler | wallet-core | public | 2022-11-29 18:27 | 2023-02-14 15:36 |
Reporter | sebasjm | Assigned To | Florian Dold | ||
Priority | normal | Severity | feature | Reproducibility | have not tried |
Status | feedback | Resolution | open | ||
Product Version | git (master) | ||||
Target Version | 0.9.6 | ||||
Summary | 0007502: allowing http only in developer mode | ||||
Description | as discussed | ||||
Tags | No tags attached. | ||||
|
I don't see any good reasons for that. The security of Taler doesn't rely on HTTPs in the first place. Any good reasons to disallow http outside of developer mode? |
|
private communication with the exchange and the merchant by default, should only be disabled by the wallet user under devMode explicitly and with a big warning. some endpoint required sensible information in the url like the hash of the payto or the contract merchant may not want to interact with http-only exchange |
Date Modified | Username | Field | Change |
---|---|---|---|
2022-11-29 18:27 | sebasjm | New Issue | |
2022-11-29 18:27 | sebasjm | Status | new => assigned |
2022-11-29 18:27 | sebasjm | Assigned To | => Florian Dold |
2023-01-13 17:07 | Christian Grothoff | Severity | minor => feature |
2023-02-11 14:42 | Florian Dold | Status | assigned => feedback |
2023-02-11 14:42 | Florian Dold | Note Added: 0019803 | |
2023-02-11 14:42 | Florian Dold | Assigned To | Florian Dold => sebasjm |
2023-02-13 16:00 | sebasjm | Status | feedback => confirmed |
2023-02-13 16:01 | sebasjm | Target Version | 0.9.2 => 0.9.6 |
2023-02-14 15:36 | sebasjm | Assigned To | sebasjm => Florian Dold |
2023-02-14 15:36 | sebasjm | Status | confirmed => feedback |
2023-02-14 15:36 | sebasjm | Note Added: 0019836 | |
2023-04-13 20:36 | Florian Dold | Category | wallet (TS core) => wallet-core |