Activate https server support in 21.02 by default
Hauke Mehrtens
hauke at hauke-m.de
Sun May 16 06:21:11 PDT 2021
On 5/14/21 4:22 PM, Etienne Champetier wrote:
> Hi All,
>
> Le ven. 14 mai 2021 à 05:00, Petr Štetiar <ynezz at true.cz> a écrit :
>>
>> Fernando Frediani <fhfrediani at gmail.com> [2021-05-11 20:13:18]:
>>
>> Hi,
>>
>>> I am no sure https support should still be something by default in the
>>> images as it's not something really essential
>>
>> to me it's like discussion about telnet versus SSH. (Puting aside, that one
>> shouldn't be using password at all) If it's fine with you to send your
root
>> password over telnet, then SSH is not essential, I agree.
>>
>> FYI HTTPS wouldn't be enabled by default, it would be *available* by default,
>> giving users of default release images choice for management of their devices
>> over HTTPS, by doing so *explicitly*.
>
> I'm all for HTTPS to be shipped by default
> One painfull "bug" that some people might face having both HTTP and HTTPS,
> when you login using HTTPS, the sysauth cookie has secure=true,
> so you can't login via HTTP anymore because it's trying to modify the
> secure=true sysauth cookie :(
>
> Etienne
I ran into this when I first used an image with luci-ssl and then
changed to one without it. What about setting a not secure cookie that
tells the browser that https was used when we access LuCI over https.
When the browser accesses LuCI now over unencrypted http the code will
check for this cookie and forward the browser to the https version. If
this cookie is not found it behaves like before. If https worked once it
will probably also work a second time.
Is it even possible to handle the error when we want to overwrite the
secure=true cookie and do a forward to https instead?
Hauke
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0x93DD20630910B515.asc
Type: application/pgp-keys
Size: 9895 bytes
Desc: OpenPGP public key
URL: <http://lists.openwrt.org/pipermail/openwrt-devel/attachments/20210516/8faec739/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://lists.openwrt.org/pipermail/openwrt-devel/attachments/20210516/8faec739/attachment-0001.sig>
More information about the openwrt-devel
mailing list