Suggested Feature: https redirect for login, or HSTS (or both)

If I go to newsblur.com, I am served a page over http. If I go to https://newsblur.com, it is correctly served over https. Once I log in—over either connection—the reader loads via https.

I’d like to see http://newsblur.com redirect to https://newsblur.com, and if possible an HSTS header set to declare that browsers should always use an https connection.

Thanks for the great site!

4 Likes

Hi Dan, if you look in your preferences under the General tab, there is an option to always use HTTPS.

Yep, I’ve got that checked. But anyone loading newsblur.com without checking the box gets a plain http page.

It’s a problem because it is a login page, and the login credentials are sent to /reader/login which uses https if the page was loaded over https, but http if the page was loaded that way (the default).

1 Like

Would like to see this as well, primarily for instances where I’m logging in for the first time and I’ve just hand-typed the URL.

Hi, login and sign-up should always use https; sending clear-text passwords is a security risk for us users :frowning:

Hi @steanne, I know about this, but this should be implemented at the application level; not every friend or family member is “technical” enough.

I just loaded HTTPS homepage, logged in, and was sent to HTTP newsblur!!!
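The two changes requested in this thread (redirect plain-http requests to https, and send an HSTS header on https responses), sketched as a standard-library WSGI middleware. This is an added example, not NewsBlur's code: `ForceHTTPS`, `login_page`, `simulate`, the host `example.test` and the one-year `max-age` are assumptions made for illustration.

```python
from wsgiref.util import request_uri, setup_testing_defaults

HSTS_VALUE = "max-age=31536000"  # one year; constructed value for this example


class ForceHTTPS:
    """Redirect plain-HTTP requests to HTTPS and add HSTS to HTTPS responses."""

    def __init__(self, app, hsts=HSTS_VALUE):
        self.app = app
        self.hsts = hsts

    def __call__(self, environ, start_response):
        # Assumes wsgi.url_scheme reflects the client's connection (no TLS-terminating proxy).
        if environ.get("wsgi.url_scheme") != "https":
            # Keep host, path and query; change only the scheme.
            target = "https://" + request_uri(environ).split("://", 1)[1]
            # 301 for GET/HEAD; 308 so other methods are repeated unchanged over HTTPS.
            safe = environ.get("REQUEST_METHOD") in ("GET", "HEAD")
            status = "301 Moved Permanently" if safe else "308 Permanent Redirect"
            start_response(status, [("Location", target), ("Content-Length", "0")])
            return [b""]

        def with_hsts(status, headers, exc_info=None):
            # Browsers only honour HSTS received over HTTPS, so it is set only here.
            headers = [h for h in headers if h[0].lower() != "strict-transport-security"]
            headers.append(("Strict-Transport-Security", self.hsts))
            return start_response(status, headers, exc_info)

        return self.app(environ, with_hsts)


def login_page(environ, start_response):
    """Hypothetical stand-in for the site's login page."""
    start_response("200 OK", [("Content-Type", "text/html")])
    return [b'<form method="post" action="/reader/login"></form>']


def simulate(scheme, path="/", method="GET", host="example.test"):
    """Run one constructed request through the middleware; return (status, headers)."""
    environ = {"wsgi.url_scheme": scheme, "HTTP_HOST": host,
               "PATH_INFO": path, "REQUEST_METHOD": method}
    setup_testing_defaults(environ)
    seen = {}
    def start_response(status, headers, exc_info=None):
        seen["status"], seen["headers"] = status, dict(headers)
    b"".join(ForceHTTPS(login_page)(environ, start_response))
    return seen["status"], seen["headers"]
```

With the redirect in place the login form is never served over http, so its relative `/reader/login` action always resolves to https; the HSTS header then keeps a browser that has visited once on https even when the URL is typed by hand.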