[Hanziq] Download links redirect to insecure HTTP

This subforum contains all the issues which we already resolved.
Post Reply
Copy link
SyncViews
Filter Inserter
Filter Inserter
Posts: 295
Joined: Thu Apr 21, 2016 3:17 pm
Contact:
Contact SyncViews

[Hanziq] Download links redirect to insecure HTTP

Post by SyncViews »

I noticed when looking at some server auto update scripts that the downloads get redirected to plain HTTP, which may be tampered with.

https://www.factorio.com/ forces itself to HTTPS (HSTS) which is good, with the download links being things like https://www.factorio.com/get-download/0 ... ss/linux64

But then that request returns this:
HTTP/1.1 302 FOUND
Connection: close
Server: gunicorn/19.7.0
Date: Wed, 05 Jul 2017 12:29:46 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 445
Location: http://eu2.factorio.com/releases/factorio_headless_x64_0.14.23.tar.gz?key=w7r9xKQWe50cJjDU6dJP4Q&expires=1499258386
Strict-Transport-Security: max-age=31536000
Set-Cookie: ...; HttpOnly; Path=/
Via: 1.1 vegur
https://eu2.factorio.com/releases/facto ... 1499258386 does work for me so the server is set up for HTTPS.
Top
User avatar
HanziQ
Former Staff
Former Staff
Posts: 630
Joined: Fri Mar 27, 2015 7:07 am
Contact:
Contact HanziQ

Re: [Hanziq] Download links redirect to insecure HTTP

Post by HanziQ »

Thank you for the report, fixed.
Top
Post Reply

Return to “Resolved Problems and Bugs”