Softpedia >News >Security >Security Blog
Softpedia Homepage   

GitHub Pages Gets HTTPS Support

GitHub will force all new GitHub Pages to use HTTPS starting June 15, but not those running on custom domains

Jun 8, 2016 23:35 GMT  ·  By
GitHub Pages gets HTTPS support
   GitHub Pages gets HTTPS support

GitHub is making HTTPS mandatory for all GitHub Pages websites starting June 15, 2016, the company announced yesterday.

GitHub is the place where most coders go to host their source code. There are alternatives, but GitHub is great and has lots of features.

If you’re an open-source aficionado, besides hosting your code, GitHub also lets you build presentation websites, which are internally called GitHub Pages.

These are static HTML websites created with the Ruby-based Jakyll static site generator. The technology is simple and was copied by multiple other projects as well.

Until now, GitHub Pages have been delivered via HTTP by default, but GitHub users have had the option to force HTTPS if authors wanted, with a warning from GitHub's crew.

"We refrained from officially supporting it [HTTPS for GitHub Pages] because the traffic from our CDN to our servers wasn't encrypted until now," GitHub's Ben Toews explains today.

HTTPS support on the main GitHub service was added many years before. With today's announcement, GitHub will be moving GitHub Pages over HTTPS, and now almost all of the service's main features are available over encrypted communications.

Taking into account that some nation states are quite interested in what their citizens are programming or hosting on GitHub, the move needs to be applauded.

Starting June 15, all new username.github.io domains will use HTTPS, and all old ones will be redirected to the HTTPS version automatically. GitHub Pages that use custom domains will remain on HTTP.