Comment 3 for bug 646713
Revision history for this message
| Andrew Nicols (dobedobedoh) wrote Re: js config.wwwroot ignores httpswwwroot | #3 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
1b1ed1a
(Get the code!)
There's no sane way to fix the ajaxlogin I don't think:
User using http but httpswwwroot is set. If forcing to use httpswwwroot, this is an XSS
User using http and we ignore the httpswwwroot, password sent over http.