| Summary | login.php : Full URLs generated for scripts and form action |
| Queue | Horde Framework Packages |
| Type | Bug |
| State | Not A Bug |
| Priority | 1. Low |
| Owners | |
| Requester | krustev (at) krustev (dot) net |
| Created | 02/15/2019 (2330 days ago) |
| Due | |
| Updated | 02/16/2019 (2329 days ago) |
| Assigned | |
| Resolved | 02/16/2019 (2329 days ago) |
| Github Issue Link | |
| Github Pull Request | |
| Milestone | |
| Patch | No |
Please use the mailing lists to ask for support.
http://www.horde.org/mail/ contains a list of all available mailing lists.
State ⇒ Unconfirmed
Priority ⇒ 1. Low
Type ⇒ Bug
Summary ⇒ login.php : Full URLs generated for scripts and form action
Queue ⇒ Horde Framework Packages
Milestone ⇒
Patch ⇒ No
/horde/themes/default/screen.css
/horde/themes/default/webkit.css
and for the login form action:
/horde/login.php
These URLs contain the protocol, domain and the URL path.
The browsers warn for trying to load scripts from unauthenticated
sources if the frontend is accessed by HTTPS and the backend by HTTP.
E.g. I have a setup with HAPROXY load balancer on the frontend and SSL
is terminated there. The backends are accessed by HTTP .
I really don't see a reason why the PROTO and HOST are part of the
generated URLs.
Versions of Horde, IMP are from Debian Stretch:
# dpkg -S /usr/share/horde/login.php
php-horde: /usr/share/horde/login.php
# apt-cache show php-horde
Package: php-horde
Version: 5.2.20+debian0-1