Add a warning on login if page not over ssl.

The --no-ssl option in the backend make sens, but still too many deployment are not over SSL because they underestimate / do not understand the risks.
2025-10-18 15:33:02 +00:00 · 2016-06-12 13:15:02 -07:00
parent d4c0fe8679
commit 3ddfa5f939
2 changed files with 17 additions and 0 deletions
--- a/share/jupyter/hub/static/less/login.less
+++ b/share/jupyter/hub/static/less/login.less
@@ -2,6 +2,11 @@
    display: table;
    height: 80vh;

+    & #insecure-login-warning{
+        .bg-warning();
+        padding:10px;
+    }
+    
    .service-login {
      text-align: center;
      display: table-cell;
--- a/share/jupyter/hub/templates/login.html
+++ b/share/jupyter/hub/templates/login.html
@@ -21,6 +21,12 @@
    Sign in
  </div>
  <div class='auth-form-body'>
+
+    <p id='insecure-login-warning'>
+    Warning: JupyterHub seems to be served over an unsecured HTTP connection.
+    We strongly recommend enabling TLS for JupyterHub.
+    </p>
+
    {% if login_error %}
    <p class="login_error">
      {{login_error}}
@@ -65,4 +71,10 @@
 {% block script %}
 {{super()}}

+<script>
+if (window.location.protocol === "https:") {
+    var warnings = document.getElementById('insecure-login-warning').remove()
+}
+</script>
+
 {% endblock %}