Skip to content

Require https for Flipper Cloud url#1016

Open
jnunemaker wants to merge 1 commit into
mainfrom
require-https-cloud-url
Open

Require https for Flipper Cloud url#1016
jnunemaker wants to merge 1 commit into
mainfrom
require-https-cloud-url

Conversation

@jnunemaker

Copy link
Copy Markdown
Collaborator

Flipper Cloud sends the environment token on every request via the flipper-cloud-token header, so a non-https url would transmit it in cleartext with no warning. This enforces https for the Cloud url in both Cloud::Configuration#url= (covering options, the FLIPPER_CLOUD_URL env var, and post-init assignment) and Cloud::Migrate (which also sends the token on push), raising ArgumentError otherwise. Local development now runs over https via Caddy, so the previous http://localhost allowance is out of date. Specs were updated to use https and to assert that plain http is rejected.

🤖 Generated with Claude Code

The cloud token is sent on every request via the flipper-cloud-token
header, so a non-https url would transmit it in cleartext. Enforce https
in Cloud::Configuration#url= and Cloud::Migrate (local dev now uses https
via Caddy too), raising ArgumentError otherwise.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant