You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Just stumbled across this project and I find it very interesting.
However, i noticed that in the project home, all examples load the JS file
using plain HTTP.
It's true that one using this library probably can figure out by himself, but I
believe it would be wise to update those examples to use HTTPS instead
(googlecode is also available under HTTPS) and perhaps add a recommendation to
use HTTPS on *all* components of a security-sensitive web application (at least
all components that may contain javascript, like html and js files).
The reason is quite simple: plain HTTP is subject to man-in-the-middle attacks,
so an attacker could easily inject malitious code into the client's browser
(say, pretending he is code.google.com) and grab the sensitive information.
Original issue reported on code.google.com by [email protected] on 22 Feb 2015 at 10:06
The text was updated successfully, but these errors were encountered:
Original issue reported on code.google.com by
[email protected]on 22 Feb 2015 at 10:06The text was updated successfully, but these errors were encountered: