#768 mod_admin_web: Login silently fails if HTTP used instead of HTTPS

Reporter Eugene
Owner Nobody
Created
Updated
Stars ★ (1)  
Tags
  • Status-New
  • Priority-Medium
  • Type-Defect
  1. Eugene on

    What steps will reproduce the problem? 1. Do a fresh install of Prosody 0.9 2. Do a fresh install of mod_admin_web 3. Create user, set user as admin in config file 4. Set c2s_require_encryption to true 5. Restart Prosody Go to http://example.com:5280/admin. After pressing "Login" button nothing will happen, and no errors on page or in the logs. Go to https://example.com:5281/admin. Everything works fine. Tested with both internal_plain and internal_hashed authentication settings. I guess this happens because my settings do not allow non-TLS auth. The bug here is that login fails silently, with no error messages.

New comment