There's no sane way to fix the ajaxlogin I don't think: User using http but httpswwwroot is set. If forcing to use httpswwwroot, this is an XSS User using http and we ignore the httpswwwroot, password sent over http.
There's no sane way to fix the ajaxlogin I don't think:
User using http but httpswwwroot is set. If forcing to use httpswwwroot, this is an XSS
User using http and we ignore the httpswwwroot, password sent over http.