SESSION_COOKIE_SECURE and HTTP won't work

core/admin/mailu/ui/templates/login.html

@@ -7,3 +7,15 @@
 {%- block subtitle %}
 {% trans %}to access the administration tools{% endtrans %}
 {%- endblock %}
+
+{%+ block content %}
+{% if config["SESSION_COOKIE_SECURE"] %}
+<script language="javascript">
+	if(window.location.protocol != "https:") {
+		document.write('<div class="alert alert-danger" role="alert">The login form has been disabled as <b>SESSION_COOKIE_SECURE</b> is on but you are accessing Mailu over HTTP</div>');
+		window.stop();
+	}
+</script>
+{% endif %}
+{{ super() }}
+{%+ endblock %}

towncrier/newsfragments/1996.enhancement

@@ -0,0 +1 @@
+Disable the login page if SESSION_COOKIE_SECURE is incompatible with how Mailu is accessed as this seems to be a common misconfiguration.