[ANSWERED] - Object Storage: Control panel download NOT https


#1

Users should be aware that when they download a non-public file from their OS via the control panel, the automatically generated GET request is only http, not https.
Which means that both the signed URL in the request (which gives everybody who knows it free access to this specific file for 5 minutes) and the file’s data in the response are unencrypted.

G.


#2

Hi GeogK,

Thank you for your return, I am not sure to understand or you have http connection at https places.

When I put an object in public it is behind an https URL, and when I request the download of an object it is available through an https url.

Can you put us a screen, or the beginning of the host which would be in http please

Yours


#3

Hi T.,
thanks for your response.
I enclose a screenshot (Firefox).
Whenever I press the “Download” button in the console, it generates two requests, and the second one (containing the URL and the data) is a simple http.
BTW, the file is set to “not public”.
Could the redirect be the problem?

Regards
Georg


#4

Perfect, thank you for your response we put this in our todo :wink:

Théotime