Ticket #13343 (confirmed Bug)
login form: credentials may be posted unencrypted
Reported by: | tonim | Owned by: | |
---|---|---|---|
Priority: | major | Milestone: | 4.x |
Component: | General | Version: | 4.2 |
Keywords: | Cc: |
Description
If I have JS enabled, the login form popup only posts to the same place where it came from. IOW, if the current page was loaded over HTTP, the action contains a link starting with "http:". If the page was loaded over HTTPS, the action starts with "https:". But if I want to divert the login action to be HTTPS, the JS based form will not load, afaics due to requiring cross-domain access. One possible solution would be to disable the JS login form altogether, and go to a HTTPS protected login form on the server (looks ugly, but works very well).
I suggest an optional quad-state entry "loginFormBehaviour" in the registry with the following values:
- not there, or "0": keep the current behaviour
- 1: unconditionally generate HTTPS links for the login action
- 2: disable the JS form, resulting in the user getting directed to the server-based login form
- 3: 1 | 2
Over time, Plone should imho adopt 2 as the default value for this switch. I have pieces to partially implement this behaviour, if you want them.
Rationale for choosing "2" as the default value, instead of "3": This make it possible to switch to HTTPS by using a web server's redirect, and does not require all people to change the settings who don't have HTTPS, or who don't care.