From 8842e6aa09e40832e3276933eecbbdcf213d9d5c Mon Sep 17 00:00:00 2001
From: Adam Williams <lol768@lol768.com>
Date: Mon, 3 Apr 2017 09:01:59 +0100
Subject: [PATCH] Use HTTPS in fullUrl by default for resources

Since no redirect or HSTS is in place, these downloads are
vulnerable to being MitM'd. This commit changes all future
links to use "HTTPS" in the protocol part instead of "HTTP".

Related: scala/scala-lang#627
---
 src/main/scala/MakeDownloadPage.scala | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/scala/MakeDownloadPage.scala b/src/main/scala/MakeDownloadPage.scala
index 0340764..ad1d82b 100644
--- a/src/main/scala/MakeDownloadPage.scala
+++ b/src/main/scala/MakeDownloadPage.scala
@@ -37,7 +37,7 @@ class MakeDownloadPage(version: String, releaseDate: Date = new Date()) {
 
   def resourceArchive(cls: String, name: String, ext: String, desc: String): Future[String] = {
     val fileName = s"$name-$version.$ext"
-    val fullUrl = s"http://downloads.lightbend.com/scala/$version/$fileName"
+    val fullUrl = s"https://downloads.lightbend.com/scala/$version/$fileName"
     resource(cls, fileName, desc, fullUrl, fullUrl)
   }