ui.waitReconnect() may load over HTTP instead of HTTPS

Peter Naulls peter at chocky.org
Wed Dec 28 10:42:26 PST 2022



I see this warning in Firefox (OpenWrt 22.03):

Loading mixed (insecure) display content 
“http://192.168.113.1/luci-static/resources/icons/loading.gif?0.046104145623280135” 
on a secure page

This happens when the sysupgrade dialog is processing on an https luci. It 
doesn't cause any real harm, but it would be good to fix.

The problem is that pingDevice falls back to http only when no protocol
is specified:

	pingDevice: function(proto, ipaddr) {
		var target = '%s://%s%s?%s'.format(proto || 'http', ipaddr || window.location.host, L.resource('icons/loading.gif'), Math.random());


For some of the calls to ui.awaitReconnect, window.location.protocol could be
prefixed, but I think pingDevice is the correct place for a fix.
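
The fallback described in the post next to a same-scheme default, as an added sketch (not LuCI's code and not part of the original message). The function names are hypothetical, and `loc` and `resourcePath` are assumed stand-ins for `window.location` and `L.resource('icons/loading.gif')`.

```javascript
// Added example; not LuCI source. Function names are hypothetical.
// `loc` stands in for window.location and `resourcePath` for
// L.resource('icons/loading.gif') so the logic runs outside a browser.

// Constructed sample: an HTTPS LuCI page on the address from the warning.
const SAMPLE_LOC = { protocol: 'https:', host: '192.168.113.1' };
const SAMPLE_RES = '/luci-static/resources/icons/loading.gif';

// window.location.protocol carries a trailing colon ("https:"), but the
// '%s://%s' template expects a bare scheme, so strip it and allow-list.
function normalizeScheme(proto) {
  if (!proto) return null;
  const s = String(proto).toLowerCase().replace(/:$/, '');
  return (s === 'http' || s === 'https') ? s : null;
}

// Behaviour quoted in the post: no scheme given means 'http'.
function legacyPingTarget(proto, ipaddr, loc, resourcePath) {
  return (proto || 'http') + '://' + (ipaddr || loc.host) +
         resourcePath + '?' + Math.random();
}

// Suggested behaviour: no scheme given means "same scheme as the page".
function buildPingTarget(proto, ipaddr, loc, resourcePath) {
  const scheme = normalizeScheme(proto) || normalizeScheme(loc.protocol) || 'http';
  return scheme + '://' + (ipaddr || loc.host) +
         resourcePath + '?' + Math.random();
}

// True when an HTTPS page would load the probe image over plain HTTP,
// which is what triggers the mixed display content warning.
function isMixedContent(targetUrl, loc) {
  return normalizeScheme(loc.protocol) === 'https' &&
         /^http:\/\//i.test(targetUrl);
}

// Summarise each case for the sample page.
function demo() {
  return {
    legacy: isMixedContent(legacyPingTarget(null, null, SAMPLE_LOC, SAMPLE_RES), SAMPLE_LOC),
    fixed: isMixedContent(buildPingTarget(null, null, SAMPLE_LOC, SAMPLE_RES), SAMPLE_LOC),
    explicitHttp: isMixedContent(buildPingTarget('http', null, SAMPLE_LOC, SAMPLE_RES), SAMPLE_LOC)
  };
}

console.log(demo());
```

A caller that passes `'http'` explicitly on an HTTPS page still produces the warning with either version, so a change inside `pingDevice` only covers calls that give no protocol.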




