hazza/jupyterhub
1
0
Fork 0
mirror of https://github.com/jupyterhub/jupyterhub.git synced 2025-10-13 04:53:01 +00:00
Code Issues Packages Projects Releases Wiki Activity

Show insecure login warning when not in a secure context

Browse Source 
Secure contexts are a more robust way of checking that a browsing context
is authenticated and confidential. Compared to comparing the scheme this
covers cases where the connection is encrypted, but using a broken algorithm.

Notably, localhost is considered a secure context, even over HTTP.

For more detail on secure contexts, see:
https://developer.mozilla.org/en-US/docs/Web/Security/Secure_Contexts
This commit is contained in:
James Frost
2024-07-23 11:19:16 +01:00
parent 0cd5e51dd4
commit 0c20f3e867
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
share/jupyterhub/templates/login.html
View File

@@ -91,7 +91,7 @@
{% block script %} {% block script %}
{{ super() }} {{ super() }}
<script> <script>
if (window.location.protocol === "http:") { if (!window.isSecureContext) {
// unhide http warning // unhide http warning
var warning = document.getElementById('insecure-login-warning'); var warning = document.getElementById('insecure-login-warning');
warning.className = warning.className.replace(/\bhidden\b/, ''); warning.className = warning.className.replace(/\bhidden\b/, '');