[Libreoffice-bugs] [Bug 111304] New: LibreOffice download page - please change torrent file to be downloaded using https instead of current http link

bugzilla-daemon at bugs.documentfoundation.org bugzilla-daemon at bugs.documentfoundation.org
Thu Aug 3 08:16:16 UTC 2017 

https://bugs.documentfoundation.org/show_bug.cgi?id=111304

            Bug ID: 111304
           Summary: LibreOffice download page - please change torrent file
                    to be downloaded using https instead of current http
                    link
           Product: LibreOffice
           Version: unspecified
          Hardware: All
                OS: All
            Status: UNCONFIRMED
          Severity: normal
          Priority: medium
         Component: Documentation
          Assignee: libreoffice-bugs at lists.freedesktop.org
          Reporter: grofaty at hotmail.com
                CC: olivier.hallot at documentfoundation.org

Created attachment 135093
  --> https://bugs.documentfoundation.org/attachment.cgi?id=135093&action=edit
torrent_over_http.png

Hi,
today I have tried to download LibreOffice 5.4.0 torrent file to download
software. After investigating the problem, why I can't download torrent file
from LibreOffice web site, I have found out our enterprise IT administrators
have decided to restrict download torrent files from whole internet.

Like I see on LibreOffice web site the main problem is: torrent file is by
default downloaded using http protocol. From
https://www.libreoffice.org/download/download/ see the link:
http://download.documentfoundation.org/libreoffice/stable/5.4.0/win/x86/LibreOffice_5.4.0_Win_x86_helppack_en-US.msi.torrent
(notice the http in URL).

I have figure it out changing http to https and I can successfully download
torrent file and also LibreOffice is successfully downloaded using torrent
network traffic.

I see web server is redirecting http to https traffic, but this is not really
successful if some firewall rules inspects http traffic.

May I suggest to change http to https links at least for torrent files (this
bug report)?

Additional: By the way, I have installed "moarTLS Analyzer" Firefox extension
and I can see plenty of links on web page are using http links without real
reason (probably links from http only era), because site is supporting https
just fine. It is a lot more work to change all of the http addresses to https
(on whole web site, not just one particular page), but for
consistency/privacy/security reasons I think this is probably a good idea to ad
on agenda. Maybe you can also use Upgrade-Insecure-Requests http header web
server setting. Details:
https://www.w3.org/TR/upgrade-insecure-requests/#preference which is http
header that instructs to browser to change all of the http to https requests.
If this header would be implemented, my browser would see the http torrent URL
and would (browser itself) automatically changed it to https address and so not
getting into the download torrent problem. See attached image for more details.
Regards

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/libreoffice-bugs/attachments/20170803/af4236e9/attachment.html>

More information about the Libreoffice-bugs mailing list