From 66e55c6f6918e2ff4c2e88c31e1a1996d70d3980 Mon Sep 17 00:00:00 2001
From: Aman Gupta <aman07112006@gmail.com>
Date: Thu, 1 Jan 2026 20:11:13 +0530
Subject: [PATCH] Upgrade HTTP links to HTTPS in documentation

---
 docs/patterns/mongoengine.rst | 2 +-
 docs/web-security.rst         | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/patterns/mongoengine.rst b/docs/patterns/mongoengine.rst
index 624988e423..86bfc483c9 100644
--- a/docs/patterns/mongoengine.rst
+++ b/docs/patterns/mongoengine.rst
@@ -9,7 +9,7 @@ A running MongoDB server and `Flask-MongoEngine`_ are required. ::
 
     pip install flask-mongoengine
 
-.. _MongoEngine: http://mongoengine.org
+.. _MongoEngine: https://mongoengine.org
 .. _Flask-MongoEngine: https://flask-mongoengine.readthedocs.io
 
 
diff --git a/docs/web-security.rst b/docs/web-security.rst
index 4118b5ec67..4037b399f1 100644
--- a/docs/web-security.rst
+++ b/docs/web-security.rst
@@ -116,7 +116,7 @@ application's users with social engineering to do stupid things without
 them knowing.
 
 Say you have a specific URL that, when you sent ``POST`` requests to will
-delete a user's profile (say ``http://example.com/user/delete``).  If an
+delete a user's profile (say ``https://example.com/user/delete``).  If an
 attacker now creates a page that sends a post request to that page with
 some JavaScript they just have to trick some users to load that page and
 their profiles will end up being deleted.