fix: use https instead of http in links (#312)

Fix issue #306

Author: ervinismu

README.md

@@ -2,7 +2,7 @@ Sinatra Website / Documentation
 ===============================
 
 This repo contains the Sinatra website and documentation sources published
-at [http://sinatra.github.com/](http://sinatra.github.io/).
+at [https://sinatra.github.com/](https://sinatra.github.io/).
 
 Working Locally
 ---------------
@@ -27,9 +27,9 @@ Run the test server:
 Changes are immediately available at:
 
     http://localhost:4000/sinatra.github.com/
-    
 
-    
+
+
 Sass / CSS / Gulp
 --------------
 
@@ -73,7 +73,7 @@ and the API docs:
     $ gem install thor
     $ gem install rdoc -v 2.3.0
     $ gem install haml -v 2.0.4
-    $ gem install mislav-hanna --source=http://gems.github.com/
+    $ gem install mislav-hanna --source=https://gems.github.com/
 
 The prebuilt file sources are maintained under the [sinatra](https://github.com/sinatra/sinatra) and
 [sinatra-book](https://github.com/sinatra/sinatra-book) projects. To pull in the latest versions and build them:

Thorfile

@@ -7,7 +7,7 @@ class Blog < Thor
     layout: post
     title: TITLE
     author: YOUR NAME
-    author_url: http://sinatra.github.com/
+    author_url: https://sinatra.github.com/
     publish_date: #{Time.now.strftime('%A, %B %d, %Y')}
     ---
 

_includes/README.html

@@ -1,4 +1,4 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "https://www.w3.org/TR/REC-html40/loose.dtd">
 <html><body>
 
 <p><a href="https://badge.fury.io/rb/sinatra"><img src="https://badge.fury.io/rb/sinatra.svg" alt="Gem Version"></a>
@@ -323,7 +323,7 @@ <h2 id="static-files">Static Files</h2>
 
 <p>Note that the public directory name is not included in the URL. A file
 <code>./public/css/style.css</code> is made available as
-<code>http://example.com/css/style.css</code>.</p>
+<code>https://example.com/css/style.css</code>.</p>
 
 <p>Use the <code>:static_cache_control</code> setting (see <a href="#cache-control">below</a>) to add
 <code>Cache-Control</code> header info.</p>
@@ -474,7 +474,7 @@ <h4 id="haml-templates">Haml Templates</h4>
 <table>
   <tr>
     <td>Dependency</td>
-    <td><a href="http://haml.info/" title="haml">haml</a></td>
+    <td><a href="https://haml.info/" title="haml">haml</a></td>
   </tr>
   <tr>
     <td>File Extension</td>
@@ -533,7 +533,7 @@ <h4 id="nokogiri-templates">Nokogiri Templates</h4>
 <table>
   <tr>
     <td>Dependency</td>
-    <td><a href="http://www.nokogiri.org/" title="nokogiri">nokogiri</a></td>
+    <td><a href="https://www.nokogiri.org/" title="nokogiri">nokogiri</a></td>
   </tr>
   <tr>
     <td>File Extension</td>
@@ -616,7 +616,7 @@ <h4 id="rdoc-templates">RDoc Templates</h4>
 <table>
   <tr>
     <td>Dependency</td>
-    <td><a href="http://rdoc.sourceforge.net/" title="RDoc">RDoc</a></td>
+    <td><a href="https://rdoc.sourceforge.net/" title="RDoc">RDoc</a></td>
   </tr>
   <tr>
     <td>File Extension</td>
@@ -649,7 +649,7 @@ <h4 id="asciidoc-templates">AsciiDoc Templates</h4>
 <table>
   <tr>
     <td>Dependency</td>
-    <td><a href="http://asciidoctor.org/" title="Asciidoctor">Asciidoctor</a></td>
+    <td><a href="https://asciidoctor.org/" title="Asciidoctor">Asciidoctor</a></td>
   </tr>
   <tr>
     <td>File Extension</td>
@@ -1382,7 +1382,7 @@ <h3 id="browser-redirect">Browser Redirect</h3>
 <p>Any additional parameters are handled like arguments passed to <code>halt</code>:</p>
 
 <div class="language-ruby highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="n">redirect</span> <span class="n">to</span><span class="p">(</span><span class="s1">'/bar'</span><span class="p">),</span> <span class="mi">303</span>
-<span class="n">redirect</span> <span class="s1">'http://www.google.com/'</span><span class="p">,</span> <span class="s1">'wrong place, buddy'</span>
+<span class="n">redirect</span> <span class="s1">'https://www.google.com/'</span><span class="p">,</span> <span class="s1">'wrong place, buddy'</span>
 </code></pre></div></div>
 
 <p>You can also easily redirect back to the page the user came from with
@@ -1554,7 +1554,7 @@ <h3 id="accessing-the-request-object">Accessing the Request Object</h3>
 <p>The incoming request object can be accessed from request level (filter,
 routes, error handlers) through the <code>request</code> method:</p>
 
-<div class="language-ruby highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c1"># app running on http://example.com/example</span>
+<div class="language-ruby highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c1"># app running on https://example.com/example</span>
 <span class="n">get</span> <span class="s1">'/foo'</span> <span class="k">do</span>
   <span class="n">t</span> <span class="o">=</span> <span class="sx">%w[text/css text/html application/javascript]</span>
   <span class="n">request</span><span class="p">.</span><span class="nf">accept</span>              <span class="c1"># ['text/html', '*/*']</span>
@@ -1577,7 +1577,7 @@ <h3 id="accessing-the-request-object">Accessing the Request Object</h3>
   <span class="n">request</span><span class="p">.</span><span class="nf">user_agent</span>          <span class="c1"># user agent (used by :agent condition)</span>
   <span class="n">request</span><span class="p">.</span><span class="nf">cookies</span>             <span class="c1"># hash of browser cookies</span>
   <span class="n">request</span><span class="p">.</span><span class="nf">xhr?</span>                <span class="c1"># is this an ajax request?</span>
-  <span class="n">request</span><span class="p">.</span><span class="nf">url</span>                 <span class="c1"># "http://example.com/example/foo"</span>
+  <span class="n">request</span><span class="p">.</span><span class="nf">url</span>                 <span class="c1"># "https://example.com/example/foo"</span>
   <span class="n">request</span><span class="p">.</span><span class="nf">path</span>                <span class="c1"># "/example/foo"</span>
   <span class="n">request</span><span class="p">.</span><span class="nf">ip</span>                  <span class="c1"># client IP address</span>
   <span class="n">request</span><span class="p">.</span><span class="nf">secure?</span>             <span class="c1"># false (would be true over ssl)</span>
@@ -2216,7 +2216,7 @@ <h2 id="sinatrabase---middleware-libraries-and-modular-apps">Sinatra::Base - Mid
 </ul>
 
 <p><code>Sinatra::Base</code> is a blank slate. Most options are disabled by default,
-including the built-in server. See <a href="http://www.sinatrarb.com/configuration.html">Configuring
+including the built-in server. See <a href="https://www.sinatrarb.com/configuration.html">Configuring
 Settings</a> for details on
 available options and their behavior. If you want behavior more similar
 to when you define your app at the top level (also known as Classic
@@ -2701,7 +2701,7 @@ <h2 id="further-reading">Further Reading</h2>
   <li>
 <a href="https://github.com/sinatra/sinatra-book">Sinatra Book</a> - Cookbook Tutorial</li>
   <li>
-<a href="http://recipes.sinatrarb.com/">Sinatra Recipes</a> - Community contributed
+<a href="https://recipes.sinatrarb.com/">Sinatra Recipes</a> - Community contributed
 recipes</li>
   <li>API documentation for the <a href="https://www.rubydoc.info/gems/sinatra">latest release</a>
 or the <a href="https://www.rubydoc.info/github/sinatra/sinatra">current HEAD</a> on

_includes/navbar.html

@@ -1,14 +1,14 @@
 <div id='head'>
 
   <ul id='navbar'>
-    <li class='nav-list-item'><a href='http://github.com/sinatra/sinatra'>CODE</a></li>
+    <li class='nav-list-item'><a href='https://github.com/sinatra/sinatra'>CODE</a></li>
     <li class='nav-list-item'><a href='{{ site.baseurl }}/documentation.html'>DOCS</a></li>
     <li class='nav-list-item'><a href='{{ site.baseurl }}/intro.html'>README</a></li>
     <li class='nav-list-item'><a href='{{ site.baseurl }}/blog.html'>BLOG</a></li>
     <li class='nav-list-item' id='nav-logo'>
       <a href='{{ site.baseurl }}/'><img src="{{ site.baseurl }}/images/logo.png" height='59' width='86' alt="Sinatra Logo"></a>
     </li>
-    <li class='nav-list-item'><a href='http://github.com/sinatra/sinatra/contributors'>CREW</a></li>
+    <li class='nav-list-item'><a href='https://github.com/sinatra/sinatra/contributors'>CREW</a></li>
     <li class='nav-list-item'><a href='{{ site.baseurl }}/contributing.html'>CONTRIBUTE</a></li>
     <li class='nav-list-item'><a href='{{ site.baseurl }}/about.html'>ABOUT</a></li>
     <li class='nav-list-item'><a href='https://discord.gg/ncjsfsNHh7'>DISCORD</a></li>
@@ -20,11 +20,11 @@
   <div id='hidden-navbar-wrapper'>
     <ul class='hide' id='hidden-navbar'>
       <li class='hidden-nav-list-item'><a href='{{ site.baseurl }}/'>HOME</a></li>
-      <li class='hidden-nav-list-item'><a href='http://github.com/sinatra/sinatra'>CODE</a></li>
+      <li class='hidden-nav-list-item'><a href='https://github.com/sinatra/sinatra'>CODE</a></li>
       <li class='hidden-nav-list-item'><a href='{{ site.baseurl }}/documentation.html'>DOCS</a></li>
       <li class='hidden-nav-list-item'><a href='{{ site.baseurl }}/intro.html'>README</a></li>
       <li class='hidden-nav-list-item'><a href='{{ site.baseurl }}/blog.html'>BLOG</a></li>
-      <li class='hidden-nav-list-item'><a href='http://github.com/sinatra/sinatra/contributors'>CREW</a></li>
+      <li class='hidden-nav-list-item'><a href='https://github.com/sinatra/sinatra/contributors'>CREW</a></li>
       <li class='hidden-nav-list-item'><a href='{{ site.baseurl }}/about.html'>ABOUT</a></li>
       <li class='hidden-nav-list-item'><a href='{{ site.baseurl }}/contributing.html'>CONTRIBUTE</a></li>
       <li class='hidden-nav-list-item'><a href='https://discord.gg/ncjsfsNHh7'>DISCORD</a></li>

_includes/rack-protection-authenticity-token.html

@@ -6,7 +6,7 @@
 <p>all</p>
 </dd><dt>More infos
 <dd>
-<p><a href="http://en.wikipedia.org/wiki/Cross-site_request_forgery">en.wikipedia.org/wiki/Cross-site_request_forgery</a></p>
+<p><a href="https://en.wikipedia.org/wiki/Cross-site_request_forgery">en.wikipedia.org/wiki/Cross-site_request_forgery</a></p>
 </dd></dl>
 
 <p>This middleware only accepts requests other than <code>GET</code>, <code>HEAD</code>, <code>OPTIONS</code>, <code>TRACE</code> if their given access token matches the token included in the session.</p>

_includes/rack-protection-content-security-policy.html

@@ -9,7 +9,7 @@
 <p>Content Security Policy, a mechanism web applications can use to mitigate a broad class of content injection vulnerabilities, such as cross-site scripting (XSS). Content Security Policy is a declarative policy that lets the authors (or server administrators) of a web application inform the client about the sources from which the application expects to load resources.</p>
 </dd><dt>More info
 <dd>
-<p>W3C CSP Level 1 : <a href="https://www.w3.org/TR/CSP1">www.w3.org/TR/CSP1</a>/ (deprecated) W3C CSP Level 2 : <a href="https://www.w3.org/TR/CSP2">www.w3.org/TR/CSP2</a>/ (current) W3C CSP Level 3 : <a href="https://www.w3.org/TR/CSP3">www.w3.org/TR/CSP3</a>/ (draft) <a href="https://developer.mozilla.org/en-US/docs/Web/Security/CSP">developer.mozilla.org/en-US/docs/Web/Security/CSP</a> <a href="http://caniuse.com/#search=ContentSecurityPolicy">caniuse.com/#search=ContentSecurityPolicy</a> <a href="http://content-security-policy.com">content-security-policy.com</a>/ <a href="https://securityheaders.io">securityheaders.io</a> <a href="https://scotthelme.co.uk/csp-cheat-sheet">scotthelme.co.uk/csp-cheat-sheet</a>/ <a href="http://www.html5rocks.com/en/tutorials/security/content-security-policy">www.html5rocks.com/en/tutorials/security/content-security-policy</a>/</p>
+<p>W3C CSP Level 1 : <a href="https://www.w3.org/TR/CSP1">www.w3.org/TR/CSP1</a>/ (deprecated) W3C CSP Level 2 : <a href="https://www.w3.org/TR/CSP2">www.w3.org/TR/CSP2</a>/ (current) W3C CSP Level 3 : <a href="https://www.w3.org/TR/CSP3">www.w3.org/TR/CSP3</a>/ (draft) <a href="https://developer.mozilla.org/en-US/docs/Web/Security/CSP">developer.mozilla.org/en-US/docs/Web/Security/CSP</a> <a href="https://caniuse.com/#search=ContentSecurityPolicy">caniuse.com/#search=ContentSecurityPolicy</a> <a href="https://content-security-policy.com">content-security-policy.com</a>/ <a href="https://securityheaders.io">securityheaders.io</a> <a href="https://scotthelme.co.uk/csp-cheat-sheet">scotthelme.co.uk/csp-cheat-sheet</a>/ <a href="https://www.html5rocks.com/en/tutorials/security/content-security-policy">www.html5rocks.com/en/tutorials/security/content-security-policy</a>/</p>
 </dd></dl>
 
 <p>Sets the ‘<a href="-Report-Only">Content-Security-Policy</a>’ header.</p>

_includes/rack-protection-escaped-params.html

@@ -6,7 +6,7 @@
 <p>all</p>
 </dd><dt>More infos
 <dd>
-<p><a href="http://en.wikipedia.org/wiki/Cross-site_scripting">en.wikipedia.org/wiki/Cross-site_scripting</a></p>
+<p><a href="https://en.wikipedia.org/wiki/Cross-site_scripting">en.wikipedia.org/wiki/Cross-site_scripting</a></p>
 </dd></dl>
 
 <p>Automatically escapes Rack::Request#params so they can be embedded in HTML or JavaScript without any further issues.</p>

_includes/rack-protection-form-token.html

@@ -6,7 +6,7 @@
 <p>all</p>
 </dd><dt>More infos
 <dd>
-<p><a href="http://en.wikipedia.org/wiki/Cross-site_request_forgery">en.wikipedia.org/wiki/Cross-site_request_forgery</a></p>
+<p><a href="https://en.wikipedia.org/wiki/Cross-site_request_forgery">en.wikipedia.org/wiki/Cross-site_request_forgery</a></p>
 </dd></dl>
 
 <p>Only accepts submitted forms if a given access token matches the token included in the session. Does not expect such a token from Ajax request.</p>

_includes/rack-protection-http-origin.html

@@ -6,14 +6,14 @@
 <p>Google Chrome 2, Safari 4 and later</p>
 </dd><dt>More infos
 <dd>
-<p><a href="http://en.wikipedia.org/wiki/Cross-site_request_forgery">en.wikipedia.org/wiki/Cross-site_request_forgery</a> <a href="http://tools.ietf.org/html/draft-abarth-origin">tools.ietf.org/html/draft-abarth-origin</a></p>
+<p><a href="https://en.wikipedia.org/wiki/Cross-site_request_forgery">en.wikipedia.org/wiki/Cross-site_request_forgery</a> <a href="https://tools.ietf.org/html/draft-abarth-origin">tools.ietf.org/html/draft-abarth-origin</a></p>
 </dd></dl>
 
 <p>Does not accept unsafe HTTP requests when value of Origin HTTP request header does not match default or permitted URIs.</p>
 
 <p>If you want to permit a specific domain, you can pass in as the ‘:permitted_origins` option:</p>
 
-<pre class="ruby"><span class="ruby-identifier">use</span> <span class="ruby-constant">Rack</span><span class="ruby-operator">::</span><span class="ruby-constant">Protection</span>, <span class="ruby-value">permitted_origins:</span> [<span class="ruby-string">&quot;http://localhost:3000&quot;</span>, <span class="ruby-string">&quot;http://127.0.01:3000&quot;</span>]
+<pre class="ruby"><span class="ruby-identifier">use</span> <span class="ruby-constant">Rack</span><span class="ruby-operator">::</span><span class="ruby-constant">Protection</span>, <span class="ruby-value">permitted_origins:</span> [<span class="ruby-string">&quot;http://localhost:3000&quot;</span>, <span class="ruby-string">&quot;https://127.0.01:3000&quot;</span>]
 </pre>
 
 <p>The ‘:allow_if` option can also be set to a proc to use custom allow/deny logic.</p>

_includes/rack-protection-ip-spoofing.html

@@ -6,7 +6,7 @@
 <p>all</p>
 </dd><dt>More infos
 <dd>
-<p><a href="http://blog.c22.cc/2011/04/22/surveymonkey-ip-spoofing">blog.c22.cc/2011/04/22/surveymonkey-ip-spoofing</a>/</p>
+<p><a href="https://blog.c22.cc/2011/04/22/surveymonkey-ip-spoofing">blog.c22.cc/2011/04/22/surveymonkey-ip-spoofing</a>/</p>
 </dd></dl>
 
 <p>Detect (some) IP spoofing attacks.</p>

_includes/rack-protection-json-csrf.html

@@ -6,7 +6,7 @@
 <p>all</p>
 </dd><dt>More infos
 <dd>
-<p><a href="http://flask.pocoo.org/docs/0.10/security/#json-security">flask.pocoo.org/docs/0.10/security/#json-security</a> <a href="http://haacked.com/archive/2008/11/20/anatomy-of-a-subtle-json-vulnerability.aspx">haacked.com/archive/2008/11/20/anatomy-of-a-subtle-json-vulnerability.aspx</a></p>
+<p><a href="https://flask.pocoo.org/docs/0.10/security/#json-security">flask.pocoo.org/docs/0.10/security/#json-security</a> <a href="https://haacked.com/archive/2008/11/20/anatomy-of-a-subtle-json-vulnerability.aspx">haacked.com/archive/2008/11/20/anatomy-of-a-subtle-json-vulnerability.aspx</a></p>
 </dd></dl>
 
 <p>JSON GET APIs are vulnerable to being embedded as JavaScript when the Array prototype has been patched to track data. Checks the referrer even on GET requests if the content type is JSON.</p>

_includes/rack-protection-path-traversal.html

@@ -6,7 +6,7 @@
 <p>all</p>
 </dd><dt>More infos
 <dd>
-<p><a href="http://en.wikipedia.org/wiki/Directory_traversal">en.wikipedia.org/wiki/Directory_traversal</a></p>
+<p><a href="https://en.wikipedia.org/wiki/Directory_traversal">en.wikipedia.org/wiki/Directory_traversal</a></p>
 </dd></dl>
 
 <p>Unescapes ‘/’ and ‘.’, expands <code>path_info</code>. Thus <code>GET /foo/%2e%2e%2fbar</code> becomes <code>GET /bar</code>.</p>