From 9a440e26044b61076a96e9e435c42441b8ff8ebe Mon Sep 17 00:00:00 2001
From: Dario Ernst
Date: Sun, 23 Aug 2020 14:47:23 +0200
Subject: [PATCH] Force setup-file download scheme to HTTPS
Up until now HTTPS was only offered by redirect, making MitM possible before server redirect hit the client. Add scheme-force to HTTPS to the url-generation. fixes #963
---
setup/flavors/compose/setup.html | 4 ++--
setup/flavors/stack/setup.html | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/setup/flavors/compose/setup.html b/setup/flavors/compose/setup.html
index b29e726a..3aa88809 100644
--- a/setup/flavors/compose/setup.html
+++ b/setup/flavors/compose/setup.html
@@ -11,8 +11,8 @@ in a project directory. First create your project directory.

to read and check the configuration variables generated by the wizard.

cd {{ root }}
-wget {{ url_for('.file', uid=uid, filepath='docker-compose.yml', _external=True) }}
-wget {{ url_for('.file', uid=uid, filepath='mailu.env', _external=True) }}
+wget {{ url_for('.file', uid=uid, _scheme='https', filepath='docker-compose.yml', _external=True) }}
+wget {{ url_for('.file', uid=uid, _scheme='https', filepath='mailu.env', _external=True) }}
 
{% endcall %}
diff --git a/setup/flavors/stack/setup.html b/setup/flavors/stack/setup.html
index 9c775b20..b7486ead 100644
--- a/setup/flavors/stack/setup.html
+++ b/setup/flavors/stack/setup.html
@@ -11,8 +11,8 @@ in a project directory. First create your project directory.
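Review bot: Forcing `_scheme='https'` on the two `wget` lines protects only the copied command; the wizard page that prints them is not covered by this change, and if that page can still be reached over plain HTTP, the same on-path position the commit message describes can alter the commands before the user copies them. It is worth confirming that the setup site serves this page over HTTPS only (redirect plus HSTS at the front end, which is outside this hunk), and recording the intent in the template with a comment such as `{# _scheme='https': the download must never start on plain HTTP; this page itself must also be HTTPS-only #}`. The hard-coded scheme also means a setup instance run without TLS (presumably a local test deployment) now prints links that fail, so a configurable scheme defaulting to `https` may be easier to maintain. The identical two lines in `setup/flavors/stack/setup.html` carry the same points.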

to read and check the configuration variables generated by the wizard.

cd {{ root }}
-wget {{ url_for('.file', uid=uid, filepath='docker-compose.yml', _external=True) }}
-wget {{ url_for('.file', uid=uid, filepath='mailu.env', _external=True) }}
+wget {{ url_for('.file', uid=uid, _scheme='https', filepath='docker-compose.yml', _external=True) }}
+wget {{ url_for('.file', uid=uid, _scheme='https', filepath='mailu.env', _external=True) }}
 
{% endcall %}