Login form SSL is confusing
|Reported by:||Denis-de-Bernardy||Owned by:||ryan|
With ssl_admin off, and ssl_login on, the login form sends a secure POST request. But end-users can be confused into thinking that they're about to send a non-secure post unless they view the page's source code.
The attached patch enforces SSL on the form as well, to avoid this confusion.
Brought this up in IRC, and it gets +1 from Viper007Bond and DD32 as well.
Change History (20)
- Keywords needs-patch added; has-patch dev-feedback removed
comment:12 follow-up: ↓ 18 willnorris — 4 months ago
- Resolution wontfix deleted
- Status changed from closed to reopened