SESSION_COOKIE_SECURE and HTTP won't work

3 years ago · b48779ea70
parent 7678365ab3
commit b48779ea70
2 changed files with 13 additions and 0 deletions
--- a/core/admin/mailu/ui/templates/login.html
+++ b/core/admin/mailu/ui/templates/login.html
@ -7,3 +7,15 @@
 {%- block subtitle %}
 {% trans %}to access the administration tools{% endtrans %}
 {%- endblock %}
+
+{%+ block content %}
+{% if config["SESSION_COOKIE_SECURE"] %}
+<script language="javascript">
+	if(window.location.protocol != "https:") {
+		document.write('<div class="alert alert-danger" role="alert">The login form has been disabled as <b>SESSION_COOKIE_SECURE</b> is on but you are accessing Mailu over HTTP</div>');
+		window.stop();
+	}
+</script>
+{% endif %}
+{{ super() }}
+{%+ endblock %}
--- a/towncrier/newsfragments/1996.enhancement
+++ b/towncrier/newsfragments/1996.enhancement
@ -0,0 +1 @@
+Disable the login page if SESSION_COOKIE_SECURE is incompatible with how Mailu is accessed as this seems to be a common misconfiguration.
				`@ -0,0 +1 @@`
				`Disable the login page if SESSION_COOKIE_SECURE is incompatible with how Mailu is accessed as this seems to be a common misconfiguration.`