6.0.0-git
2019-03-22

[#8528] Sidebar doesn't respect use_ssl setting
Summary Sidebar doesn't respect use_ssl setting
Queue Horde Framework Packages
Queue Version Git master
Type Bug
State Resolved
Priority 2. Medium
Owners slusarz (at) horde (dot) org
Requester jan (at) horde (dot) org
Created 2009-08-26 (3495 days ago)
Due
Updated 2009-09-01 (3489 days ago)
Assigned 2009-08-31 (3490 days ago)
Resolved 2009-08-31 (3490 days ago)
Milestone
Patch No

History
2009-09-01 08:23:04 Jan Schneider Comment #6 Reply to this comment
Now I see what the problem is. We no longer redirect after logging in, 
thus the frameset is loaded over HTTPS (by means of the login form), 
while the frames are plain HTTP. This should of course not happen, 
because it makes the user think he is accessing Horde over HTTPS.

But it's probably not worth fixing this, when the frameset is going 
away anyway.
2009-08-31 23:31:45 Michael Slusarz Comment #5
Summary ⇒ Sidebar doesn't respect use_ssl setting
State ⇒ Resolved
Reply to this comment
This was only partially broken.  The sidebar link in the frameset 
source was not a full URL.  But everything in the main window was 
correctly loading non-securely.
2009-08-31 22:36:07 Jan Schneider Comment #3 Reply to this comment
See bugs.horde.org.
2009-08-31 17:53:34 Michael Slusarz Comment #2
State ⇒ Feedback
Reply to this comment
I don't see this.



1. URL to non-secure page

2. Redirected to non-secure login page, with POST action of secure-login page

3. Process login in horde/login.php.  If verified, loads index.php.   
index.php either redirects to the original URL if given (see #1) or 
uses initial application settings.  All of these initial application 
URLs are generated via url() or applicationUrl() without the force_ssl 
override.
2009-08-26 10:52:32 Jan Schneider Comment #1
Type ⇒ Bug
State ⇒ Assigned
Priority ⇒ 2. Medium
Summary ⇒ Login over SSL doesn't work
Queue ⇒ Horde Framework Packages
Assigned to Michael Slusarz
Milestone ⇒
Patch ⇒ No
Reply to this comment
The user stays on https after logging in.

Saved Queries