Encourage or enforce HTTPS URLs in documentation |
|||
Issue descriptionOur documentation contains a lot of HTTP links, and even a lot of Chromium-related domains don't use HSTS: crbug.com/624163#c11 Anyone visiting those links is at risk of making development decisions or copying information from an untrusted source, especially when they are not on the corp network. I'mma start by updating the conspicuous links at https://cs.chromium.org/chromium/src/docs/useful_urls.md to use HTTPS. A presubmit like _CheckHardcodedGoogleHostsInLowerLayers [1] could catch future HTTP links, but that would be friction against submitting documentation, and probably futile in the face of all the existing documentation in the repo. Ideas welcome. [1] https://bugs.chromium.org/p/chromium/issues/detail?id=624163#c11
,
Feb 12 2018
This issue has been Available for over a year. If it's no longer important or seems unlikely to be fixed, please consider closing it out. If it is important, please re-triage the issue. Sorry for the inconvenience if the bug really should have been left as Available. If you change it back, also remove the "Hotlist-Recharge-Cold" label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Sep 26
Maybe we could do this with a Tricium check? It seems like it would be feasible to detect HTTP URLs/links, so I'll add it to a hotlist to think about when I have a chance to play with Tricium. |
|||
►
Sign in to add a comment |
|||
Comment 1 by bugdroid1@chromium.org
, Feb 7 2017