0
Fixed

TeslaFi is not using HTTPS

bjornlilja 7 years ago updated by James 7 years ago 8

TeslaFi is a great service but I was a bit stunned when I notice that the the website is unencrypted. 


One can debate the sensitivity of the data provided by TeslaFi as long as the access to control the car is safe, but there is no questing that you are dealing with some level of sensitive data. And if nothing else, if the security level of the website does not feel safe, it raises questions of the general security of the service.


What are your plans for providing the service over HTTPS?

+1
Under review

See if it looks better now.  I was calling Google's static maps via http instead of https.  I'm showing a lock via safari and chrome after logging in.

+1

Now it works perfectly! Thank you for your swift reply and fix.

Using Safari, it is using HTTPS, although it's not obvious until you click in the URL field to display the full URL.

Chrome says some parts of the page, like pictures, are not encrypted.

Strange.   I suppose it could be the DNS change and Cloudflare.  I checked a few SSL verifiers such as digicert.com and they are showing the certificate installed correctly.  Hopefully it’s just a DNS issue and will clear up. 

Oh, then I must apologise! No, still no HTTPS, even when going explicitly to https://teslafi.com/index.php

Under review

TeslaFi has always been using HTTPS. I wonder if your seeing this because of the server move?  It appears to be working on the devices and browsers I just checked. Are you still not being redirected to HTTPS?

Commenting disabled