From b48779ea7084278d494e436386d06fd5e55161d6 Mon Sep 17 00:00:00 2001
From: Florent Daigniere <nextgens@freenetproject.org>
Date: Fri, 8 Oct 2021 10:17:03 +0200
Subject: [PATCH] SESSION_COOKIE_SECURE and HTTP won't work

---
 core/admin/mailu/ui/templates/login.html | 12 ++++++++++++
 towncrier/newsfragments/1996.enhancement |  1 +
 2 files changed, 13 insertions(+)
 create mode 100644 towncrier/newsfragments/1996.enhancement

diff --git a/core/admin/mailu/ui/templates/login.html b/core/admin/mailu/ui/templates/login.html
index fb8e5bd4..118173cb 100644
--- a/core/admin/mailu/ui/templates/login.html
+++ b/core/admin/mailu/ui/templates/login.html
@@ -7,3 +7,15 @@
 {%- block subtitle %}
 {% trans %}to access the administration tools{% endtrans %}
 {%- endblock %}
+
+{%+ block content %}
+{% if config["SESSION_COOKIE_SECURE"] %}
+<script language="javascript">
+	if(window.location.protocol != "https:") {
+		document.write('<div class="alert alert-danger" role="alert">The login form has been disabled as <b>SESSION_COOKIE_SECURE</b> is on but you are accessing Mailu over HTTP</div>');
+		window.stop();
+	}
+</script>
+{% endif %}
+{{ super() }}
+{%+ endblock %}
diff --git a/towncrier/newsfragments/1996.enhancement b/towncrier/newsfragments/1996.enhancement
new file mode 100644
index 00000000..d1bc2ccf
--- /dev/null
+++ b/towncrier/newsfragments/1996.enhancement
@@ -0,0 +1 @@
+Disable the login page if SESSION_COOKIE_SECURE is incompatible with how Mailu is accessed as this seems to be a common misconfiguration.