Currently the login page on the legacy website, that is also used to login to discourse, uses regular http. The website however supports https, as you can manually add the s to make the login process secure.
Please make https default for the login page at least.
2 Likes
Thanks for the report! I’m going to make all legacy pages that require login force https usage.
2 Likes
Even more important is: http://legacy.skritter.com/account/billing/subscribe
Please enable https there by default too, as you are asking for credit card details.
I’ve just forced the subscribe page to load using https on legacy.
The Login page for discourse (http://legacy.skritter.com/discourse/login?sso=XXX) currently also doesn’t use https by default.
I’ve just pushed a fix live for the discourse login page.