View Issue Details

IDProjectCategoryView StatusLast Update
0007502Talerwallet-corepublic2023-02-14 15:36
Reportersebasjm Assigned ToFlorian Dold  
PrioritynormalSeverityfeatureReproducibilityhave not tried
Status feedbackResolutionopen 
Product Versiongit (master) 
Target Version0.9.6 
Summary0007502: allowing http only in developer mode
Descriptionas discussed
TagsNo tags attached.

Activities

Florian Dold

2023-02-11 14:42

manager   ~0019803

I don't see any good reasons for that. The security of Taler doesn't rely on HTTPs in the first place.

Any good reasons to disallow http outside of developer mode?

sebasjm

2023-02-14 15:36

developer   ~0019836

private communication with the exchange and the merchant by default, should only be disabled by the wallet user under devMode explicitly and with a big warning.

some endpoint required sensible information in the url like the hash of the payto or the contract

merchant may not want to interact with http-only exchange

Issue History

Date Modified Username Field Change
2022-11-29 18:27 sebasjm New Issue
2022-11-29 18:27 sebasjm Status new => assigned
2022-11-29 18:27 sebasjm Assigned To => Florian Dold
2023-01-13 17:07 Christian Grothoff Severity minor => feature
2023-02-11 14:42 Florian Dold Status assigned => feedback
2023-02-11 14:42 Florian Dold Note Added: 0019803
2023-02-11 14:42 Florian Dold Assigned To Florian Dold => sebasjm
2023-02-13 16:00 sebasjm Status feedback => confirmed
2023-02-13 16:01 sebasjm Target Version 0.9.2 => 0.9.6
2023-02-14 15:36 sebasjm Assigned To sebasjm => Florian Dold
2023-02-14 15:36 sebasjm Status confirmed => feedback
2023-02-14 15:36 sebasjm Note Added: 0019836
2023-04-13 20:36 Florian Dold Category wallet (TS core) => wallet-core