https://bugs.documentfoundation.org/show_bug.cgi?id=111304
Bug ID: 111304
Summary: LibreOffice download page - please change torrent file
to be downloaded using https instead of current http
link
Product: LibreOffice
Version: unspecified
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: normal
Priority: medium
Component: Documentation
Assignee: libreoffice-bugs@lists.freedesktop.org
Reporter: grof...@hotmail.com
CC: olivier.hal...@documentfoundation.org
Created attachment 135093
--> https://bugs.documentfoundation.org/attachment.cgi?id=135093&action=edit
torrent_over_http.png
Hi,
today I have tried to download LibreOffice 5.4.0 torrent file to download
software. After investigating the problem, why I can't download torrent file
from LibreOffice web site, I have found out our enterprise IT administrators
have decided to restrict download torrent files from whole internet.
Like I see on LibreOffice web site the main problem is: torrent file is by
default downloaded using http protocol. From
https://www.libreoffice.org/download/download/ see the link:
http://download.documentfoundation.org/libreoffice/stable/5.4.0/win/x86/LibreOffice_5.4.0_Win_x86_helppack_en-US.msi.torrent
(notice the http in URL).
I have figure it out changing http to https and I can successfully download
torrent file and also LibreOffice is successfully downloaded using torrent
network traffic.
I see web server is redirecting http to https traffic, but this is not really
successful if some firewall rules inspects http traffic.
May I suggest to change http to https links at least for torrent files (this
bug report)?
Additional: By the way, I have installed "moarTLS Analyzer" Firefox extension
and I can see plenty of links on web page are using http links without real
reason (probably links from http only era), because site is supporting https
just fine. It is a lot more work to change all of the http addresses to https
(on whole web site, not just one particular page), but for
consistency/privacy/security reasons I think this is probably a good idea to ad
on agenda. Maybe you can also use Upgrade-Insecure-Requests http header web
server setting. Details:
https://www.w3.org/TR/upgrade-insecure-requests/#preference which is http
header that instructs to browser to change all of the http to https requests.
If this header would be implemented, my browser would see the http torrent URL
and would (browser itself) automatically changed it to https address and so not
getting into the download torrent problem. See attached image for more details.
Regards
--
You are receiving this mail because:
You are the assignee for the bug.
_______________________________________________
Libreoffice-bugs mailing list
Libreoffice-bugs@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs