View Issue Details

IDProjectCategoryView StatusLast Update
0007502Talerwallet-corepublic2023-09-23 15:09
Reportersebasjm Assigned Tosebasjm  
PrioritynormalSeverityfeatureReproducibilityhave not tried
Status closedResolutionfixed 
Product Versiongit (master) 
Target Version0.9.3Fixed in Version0.9.3 
Summary0007502: allowing http only in developer mode
Descriptionas discussed
TagsNo tags attached.

Activities

Florian Dold

2023-02-11 14:42

manager   ~0019803

I don't see any good reasons for that. The security of Taler doesn't rely on HTTPs in the first place.

Any good reasons to disallow http outside of developer mode?

sebasjm

2023-02-14 15:36

developer   ~0019836

private communication with the exchange and the merchant by default, should only be disabled by the wallet user under devMode explicitly and with a big warning.

some endpoint required sensible information in the url like the hash of the payto or the contract

merchant may not want to interact with http-only exchange

Florian Dold

2023-08-22 08:11

manager   ~0020423

Is report still relevant? AFAICT the wallet now has an allowHttp flag, and we don't have a developer mode on the wallet-core level, but instead have separate testing flags.

sebasjm

2023-08-22 14:21

developer   ~0020424

already implemented

Issue History

Date Modified Username Field Change
2022-11-29 18:27 sebasjm New Issue
2022-11-29 18:27 sebasjm Status new => assigned
2022-11-29 18:27 sebasjm Assigned To => Florian Dold
2023-01-13 17:07 Christian Grothoff Severity minor => feature
2023-02-11 14:42 Florian Dold Status assigned => feedback
2023-02-11 14:42 Florian Dold Note Added: 0019803
2023-02-11 14:42 Florian Dold Assigned To Florian Dold => sebasjm
2023-02-13 16:00 sebasjm Status feedback => confirmed
2023-02-13 16:01 sebasjm Target Version 0.9.2 => 0.9.6
2023-02-14 15:36 sebasjm Assigned To sebasjm => Florian Dold
2023-02-14 15:36 sebasjm Status confirmed => feedback
2023-02-14 15:36 sebasjm Note Added: 0019836
2023-04-13 20:36 Florian Dold Category wallet (TS core) => wallet-core
2023-08-22 08:11 Florian Dold Note Added: 0020423
2023-08-22 08:11 Florian Dold Assigned To Florian Dold => sebasjm
2023-08-22 14:21 sebasjm Status feedback => resolved
2023-08-22 14:21 sebasjm Resolution open => fixed
2023-08-22 14:21 sebasjm Note Added: 0020424
2023-09-03 14:46 Christian Grothoff Fixed in Version => 0.9.3
2023-09-03 14:46 Christian Grothoff Target Version 0.9.6 => 0.9.3
2023-09-23 15:09 Christian Grothoff Status resolved => closed