Comment 2 for bug 646713

Revision history for this message
Andrew Nicols (dobedobedoh) wrote : Re: js config.wwwroot ignores httpswwwroot

I *think* that the ajaxlogin is the most security conscious part of this bug.
js/mahara.js->ajaxlogin() sends the json login request to config.wwwroot + 'minilogin.php' which will ignore the httpswwwroot set for auths.