Tracker emails contain HTTP links to
Open, NormalPublic


Emails sent from contain HTTP links to, thus vulnerable to MITM attacks when clicked.


  1. in notifications of tasks:



  1. in email verification link sent to new user that done registration.

Please verify that you own this email address (...........) by clicking this link:


Change settings in tracker to use HTTPS links instead of HTTP, probably can acomplished by:

  1. a restart by "phd restart" may fix it, in case it's happening due to caching? see at: [Notification mails containing old links after changing phabricator.base-uri]

  1. The code path of first example use 'phabricator.production-uri' config to determinate the URI to use, so set it in configuration with https URI, which can be done by command:

./bin/config set phabricator.production-uri HTTPSURIVALUE
where HTTPSURIVALUE is result of ./bin/config get phabricator.base-uri

e3amn2l created this task.Sep 5 2018, 2:02 PM
e3amn2l edited the task description. (Show Details)Sep 5 2018, 2:09 PM

Add Comment