6.0.0-beta1
7/8/25

[#8528] Sidebar doesn't respect use_ssl setting
Summary Sidebar doesn't respect use_ssl setting
Queue Horde Framework Packages
Queue Version Git master
Type Bug
State Resolved
Priority 2. Medium
Owners slusarz (at) horde (dot) org
Requester jan (at) horde (dot) org
Created 08/26/2009 (5795 days ago)
Due
Updated 09/01/2009 (5789 days ago)
Assigned 08/31/2009 (5790 days ago)
Resolved 08/31/2009 (5790 days ago)
Github Issue Link
Github Pull Request
Milestone
Patch No

History
09/01/2009 08:23:04 AM Jan Schneider Comment #6 Reply to this comment
Now I see what the problem is. We no longer redirect after logging in, 
thus the frameset is loaded over HTTPS (by means of the login form), 
while the frames are plain HTTP. This should of course not happen, 
because it makes the user think he is accessing Horde over HTTPS.

But it's probably not worth fixing this, when the frameset is going 
away anyway.
08/31/2009 11:31:45 PM Michael Slusarz Comment #5
Summary ⇒ Sidebar doesn't respect use_ssl setting
State ⇒ Resolved
Reply to this comment
This was only partially broken.  The sidebar link in the frameset 
source was not a full URL.  But everything in the main window was 
correctly loading non-securely.
08/31/2009 10:36:07 PM Jan Schneider Comment #3 Reply to this comment
See bugs.horde.org.
08/31/2009 05:53:34 PM Michael Slusarz Comment #2
State ⇒ Feedback
Reply to this comment
I don't see this.



1. URL to non-secure page

2. Redirected to non-secure login page, with POST action of secure-login page

3. Process login in horde/login.php.  If verified, loads index.php.   
index.php either redirects to the original URL if given (see #1) or 
uses initial application settings.  All of these initial application 
URLs are generated via url() or applicationUrl() without the force_ssl 
override.
08/26/2009 10:52:32 AM Jan Schneider Comment #1
Priority ⇒ 2. Medium
Type ⇒ Bug
Summary ⇒ Login over SSL doesn't work
Queue ⇒ Horde Framework Packages
Assigned to Michael Slusarz
Milestone ⇒
Patch ⇒ No
State ⇒ Assigned
Reply to this comment
The user stays on https after logging in.

Saved Queries