[Tickets #14898] login.php : Full URLs generated for scripts and form action
noreply at bugs.horde.org
noreply at bugs.horde.org
Fri Feb 15 18:07:01 UTC 2019
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: https://bugs.horde.org/ticket/14898
------------------------------------------------------------------------------
Ticket | 14898
Created By | krustev at krustev.net
Summary | login.php : Full URLs generated for scripts and form
| action
Queue | Horde Framework Packages
Type | Bug
State | Unconfirmed
Priority | 1. Low
Milestone |
Patch |
Owners |
------------------------------------------------------------------------------
krustev at krustev.net (2019-02-15 18:07) wrote:
login.php generates full URLs for:
/horde/themes/default/screen.css
/horde/themes/default/webkit.css
and for the login form action:
/horde/login.php
These URLs contain the protocol, domain and the URL path.
The browsers warn for trying to load scripts from unauthenticated
sources if the frontend is accessed by HTTPS and the backend by HTTP.
E.g. I have a setup with HAPROXY load balancer on the frontend and SSL
is terminated there. The backends are accessed by HTTP .
I really don't see a reason why the PROTO and HOST are part of the
generated URLs.
Versions of Horde, IMP are from Debian Stretch:
# dpkg -S /usr/share/horde/login.php
php-horde: /usr/share/horde/login.php
# apt-cache show php-horde
Package: php-horde
Version: 5.2.20+debian0-1
More information about the bugs
mailing list