Ensure https is used in the API call
nuchi opened this issue · comments
If a user passes an http://
url to the SaferMatcher
, their username/password or API key will be sent in the clear. Adding a check to ensure they're using an https://
url would prevent them from accidentally sending credentials over the network in clear-text.
(I'd happily open a PR)
@nuchi great catch. If you could send a PR that would be amazing. Thanks for the contribution :)