When unsubscribing from a mailing list, then clicking the link to https://lists.freebsd.org/mailman/confirm/freebsd-wireless/<hash> in the confirmation mail, and on that link hitting the "Unsubscribe" button, the form is sent insecurely, which throws a security warning. Please change the form action to use HTTPS, in consistency with mailman's confirm URL.
This is true of subscription-confirmation requests as well, probably just an error in mailman configuration (possibly DEFAULT_URL_PATTERN ?) The confirmation link in email is http://lists.freebsd.org/mailman/confirm/blahblah, which redirects to HTTPS. But the confirmation form explicitly specifies HTTP again: > <FORM action="http://lists.freebsd.org/mailman/confirm/freebsd-fs" method="POST" > which causes another insecure request.
I don't think we are passing the correct tokens through from the front end proxy for this to work right without a redirect loop. I'll look at this after some sleep.
Postmaster: I have run: mailman% ../bin/withlist -l -a -r fix_url This has changed the per-list config.pck settings from 'web_page_url': 'http://lists.freebsd.org/mailman/', to 'web_page_url': 'https://lists.freebsd.org/mailman/',
Thanks for fixing this!