Opened 4 years ago
Last modified 4 years ago
#10267 new defect (bug)
Login form SSL is confusing
| Reported by: | | Owned by: | |
|---|---|---|---|
| Priority: | normal | Milestone: | Future Release |
| Component: | Security | Version: | |
| Severity: | normal | Keywords: | needs-patch |
| Cc: | | | |
Description
With ssl_admin off, and ssl_login on, the login form sends a secure POST request. But end-users can be confused into thinking that they're about to send a non-secure POST unless they view the page's source code.
The attached patch enforces SSL on the form as well, to avoid this confusion.
Brought this up in IRC, and it gets +1 from Viper007Bond and DD32 as well.
Attachments (1)
Change History (10)
Denis-de-Bernardy — 4 years ago
- Keywords tested removed
the issue is this, in site_url:
```php
// every non-explicit scheme currently just follows the scheme of the request
$scheme = ( is_ssl() ? 'https' : 'http' );
```
the entire check might need to look like the following:
```php
if ( 'login_post' == $scheme ) {
    // form action: secure whenever either option is on
    $scheme = ( force_ssl_login() || force_ssl_admin() ) ? 'https' : 'http';
} elseif ( 'login' == $scheme ) {
    // the login form page itself: same rule, so the page matches its action
    $scheme = ( force_ssl_login() || force_ssl_admin() ) ? 'https' : 'http';
} elseif ( 'admin' == $scheme ) {
    // admin URLs only follow force_ssl_admin
    $scheme = force_ssl_admin() ? 'https' : 'http';
} else {
    // anything else keeps following the scheme of the current request
    $scheme = is_ssl() ? 'https' : 'http';
}
```
but we might then end up needing an extra scheme for #10268 and the likes of #10253.
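The scheme selection sketched in the comment above, as an added Python model (not WordPress code) of how the proposed branch picks http/https per context and of where a post-login redirect can still come out as https with ssl_admin off. The option flags stand in for FORCE_SSL_LOGIN and FORCE_SSL_ADMIN; how wp-login.php builds its redirect target is an assumption, made explicit through the `redirect_context` parameter.

```python
# Added model, not WordPress code: the proposed site_url() branch and one
# login walked through it. How the redirect URL is built is an assumption.

def proposed_scheme(context, force_ssl_login, force_ssl_admin, is_ssl):
    """The branch sketched in the comment above, with is_ssl() as the fallback."""
    if context in ("login_post", "login"):
        return "https" if (force_ssl_login or force_ssl_admin) else "http"
    if context == "admin":
        return "https" if force_ssl_admin else "http"
    return "https" if is_ssl else "http"   # any other context follows the request


def login_flow(force_ssl_login, force_ssl_admin, redirect_context="admin"):
    """Walk one login through the URLs site_url() would generate: the link to
    wp-login.php, the form action, then the redirect after a successful POST.
    Returns (form page scheme, form action scheme, dashboard scheme).
    redirect_context is the $scheme used when the redirect URL is built; None
    means it is built with no context, i.e. from the request's own scheme."""
    page = proposed_scheme("login", force_ssl_login, force_ssl_admin, is_ssl=False)
    action = proposed_scheme("login_post", force_ssl_login, force_ssl_admin,
                             is_ssl=(page == "https"))
    # The redirect is built while the POST is being handled, so is_ssl() there
    # reflects the scheme the form was submitted over, not the one the user typed.
    dashboard = proposed_scheme(redirect_context, force_ssl_login, force_ssl_admin,
                                is_ssl=(action == "https"))
    return page, action, dashboard


if __name__ == "__main__":
    # ssl_login on, ssl_admin off: form page and action both become https, which
    # removes the confusion the ticket describes ...
    print(login_flow(True, False))        # ('https', 'https', 'http')
    # ... but a redirect built without the 'admin' context inherits https from
    # the POST and drops the user into an SSL dashboard (the last comment below).
    print(login_flow(True, False, None))  # ('https', 'https', 'https')
```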
- Keywords dev-feedback added
see also #9008
The current behavior is on purpose and patterned after Gmail, where you have the option of using SSL or not by using either https or http. If we redirect logins to https the user will end up dumped in an SSL admin session after login even though they requested http. I think if someone is concerned with this they should just force SSL admin.
Well, I figured the same, but SSL is a tad bit slow (a lot slower, even)...
- Keywords needs-patch added; has-patch dev-feedback removed

Mm, needs a bit more work, actually. It ends up returning the dashboard in SSL when logging in.