rooty/Bootstrap
0
0
Fork 0
mirror of https://github.com/twbs/bootstrap.git synced 2025-03-15 15:29:22 +01:00
Code Issues Actions Packages Releases Activity

Docs on enforcing HTTPS and avoiding mixed content (#33017)

Browse Source 
Co-authored-by: XhmikosR <xhmikosr@gmail.com>
This commit is contained in:
Philip Kiely 2021-02-08 23:54:16 -06:00 committed by GitHub
parent 96be06e32b
commit 96b86c1f58
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
site/content/docs/5.0/customize/optimize.md
View File

@ -74,6 +74,8 @@ Whenever possible, be sure to compress all the code you serve to your visitors.
_Help wanted with this section, please consider opening a PR. Thanks!_ _Help wanted with this section, please consider opening a PR. Thanks!_
## Always use https ## Always use HTTPS
_Help wanted with this section, please consider opening a PR. Thanks!_ Your website should only be available over HTTPS connections in production. HTTPS improves the security, privacy, and availability of all sites, and [there is no such thing as non-sensitive web traffic](https://https.cio.gov/everything/). The steps to configure your website to be served exclusively over HTTPS vary widely depending on your architecture and web hosting provider, and thus are beyond the scope of these docs.
Sites served over HTTPS should also access all stylesheets, scripts, and other assets over HTTPS connections. Otherwise, you'll be sending users [mixed active content](https://developer.mozilla.org/en-US/docs/Web/Security/Mixed_content), leading to potential vulnerabilities where a site can be compromised by altering a dependency. This can lead to security issues and in-browser warnings displayed to users. Whether you're getting Bootstrap from a CDN or serving it yourself, ensure that you only access it over HTTPS connections.