Bulma: Configure https for bulma.io

Created on 11 Oct 2017 · 7Comments · Source: jgthms/bulma

This is about the Docs.

Description

The bulma website contains sensitive information (people embedding stuff into their website)
and should (not only) therefore use https.

Here is a guide: https://hackernoon.com/set-up-ssl-on-github-pages-with-custom-domains-for-free-a576bdf51bc

Expected behavior

Redirect users from http to https

Actual behavior

Website is http only

Source

brasilikum

👍1

Most helpful comment

https://bulma.io/ 😉

jgthms on 16 Oct 2017

🎉1 👍1

All 7 comments

I'm not saying HTTPS is not a good thing, because it is. But as far as I know, nothing gets embedded from Bulma.

VizuaaLOG on 11 Oct 2017

The bulma website contains sensitive information (people embedding stuff into their website)

I'm not sure what you mean by this, since bulma.io is purely a static documentation website powered by GitHub pages, so there's no sensitive information exchanged, and there's no way to actual "embed" anything. 🤔

jgthms on 12 Oct 2017

It should still be HTTPS regardless of embedding any content or not.

ctolkien on 13 Oct 2017

👍1

People expect to follow instructions on a docs page, so the risk of them embedding x or running y is increased

https://doesmysiteneedhttps.com lists a few reasons, but in 2017 I think we should not be discussing if or if not.

There are virtually no downsides, many upsides and the effort is 20 minutes once.

The setup from above also increases speed by caching on the edges (e.g. here in Colombia, Australia) and Http/2 also only works over https.

brasilikum on 13 Oct 2017

I think @brasilikum opens this issue makes a point and since we are in 2018 (soon), https is basically everywhere and same for http2. We do not wish to see Google Chrome ended up flagging the site with the big red page just because it is not https.

This is one source. Although the icon flagged by Chrome does not make any breaking changes to anything, it is still something ugly.