Ticket #13343 (confirmed Bug)

Opened 3 years ago

Last modified 3 years ago

login form: credentials may be posted unencrypted

Reported by: tonim Owned by:
Priority: major Milestone: 4.x
Component: General Version: 4.2
Keywords: Cc:

Description

If I have JS enabled, the login form popup only posts to the same place where it came from. In other words, if the current page was loaded over HTTP, the action contains a link starting with "http:". If the page was loaded over HTTPS, the action starts with "https:". But if I want to divert the login action to be HTTPS, the JS-based form will not load, as far as I can see due to requiring cross-domain access. One possible solution would be to disable the JS login form altogether and go to an HTTPS-protected login form on the server (looks ugly, but works very well).

I suggest an optional quad-state entry "loginFormBehaviour" in the registry with the following values:

  • not there, or "0": keep the current behaviour
  • 1: unconditionally generate HTTPS links for the login action
  • 2: disable the JS form, resulting in the user getting directed to the server-based login form
  • 3: 1 | 2

Over time, Plone should imho adopt 2 as the default value for this switch. I have pieces to partially implement this behaviour, if you want them.

Rationale for choosing "2" as the default value, instead of "3": this makes it possible to switch to HTTPS by using a web server's redirect, and does not require all the people who don't have HTTPS, or who don't care, to change the settings.
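The following is an added example illustrating the proposed switch; it is not Plone code and not part of the ticket. It treats "loginFormBehaviour" as the bitmask the ticket describes (1 = force an https: action, 2 = disable the JS popup, 3 = both) and works out, from the URL of the current page, where the login action should point and whether the JS popup can be used at all. The login path `/login_form`, the same-origin check, and the decision to fall back to the server-based form whenever the forced https: action would be cross-origin to an http: page (the failure the ticket describes) are assumptions made for the example. It uses the WHATWG `URL` class so it runs under Node as well as in a browser, where `pageUrl` would be `window.location.href` and the result would be written to the form's `action` attribute.

```javascript
// Added example, not Plone's own code. Interpret the proposed
// "loginFormBehaviour" registry switch from the ticket.
const KEEP_CURRENT = 0;     // not set or "0": post to the same scheme as the page
const FORCE_HTTPS = 1;      // bit 1: unconditionally generate an https: action
const DISABLE_JS_FORM = 2;  // bit 2: no JS popup, go to the server-based form

// Assumed login path; the real path is whatever the site serves.
const LOGIN_PATH = '/login_form';

// Same-origin in the sense that matters for the JS popup: scheme, host and
// port must all match. http://example.com and https://example.com differ.
function sameOrigin(a, b) {
  const ua = new URL(a);
  const ub = new URL(b);
  return ua.protocol === ub.protocol && ua.host === ub.host;
}

// Decide where the login action points and whether the JS popup may be used.
// Returns { action, useJsForm }.
function loginTarget(pageUrl, behaviour = KEEP_CURRENT) {
  // Current behaviour: the action inherits the scheme of the page it came from.
  const action = new URL(LOGIN_PATH, pageUrl);

  // Bit 1: rewrite the scheme to https: regardless of how the page was loaded.
  if (behaviour & FORCE_HTTPS) {
    action.protocol = 'https:';
  }

  // Bit 2 disables the popup outright. Even without it, a popup cannot load a
  // form whose action is cross-origin to the page (assumed fallback for the
  // http: page + forced https: action case), so fall back to a full navigation,
  // which also lets a web-server redirect move the user to HTTPS.
  const crossOrigin = !sameOrigin(pageUrl, action.href);
  const useJsForm = !(behaviour & DISABLE_JS_FORM) && !crossOrigin;

  return { action: action.href, useJsForm };
}

// Walk every value of the switch for an http: and an https: page so the
// table of outcomes can be inspected.
function demo() {
  const rows = [];
  for (const page of ['http://example.com/front-page', 'https://example.com/front-page']) {
    for (const behaviour of [KEEP_CURRENT, FORCE_HTTPS, DISABLE_JS_FORM, FORCE_HTTPS | DISABLE_JS_FORM]) {
      const t = loginTarget(page, behaviour);
      rows.push({ page, behaviour, ...t });
    }
  }
  return rows;
}

if (typeof require !== 'undefined' && require.main === module) {
  console.table(demo());
}
```

With value 1 alone on an http: page the action is rewritten to https: but the popup cannot use it, which is the situation the ticket reports; value 2 always sends the browser to the server-based form, and a server-side redirect to HTTPS then covers the sites that want it without any further setting.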

Change History

comment:1 Changed 3 years ago by kleist

  • Status changed from new to confirmed
  • Priority changed from minor to major
  • Component changed from Unknown to General