summaryrefslogtreecommitdiffstats
path: root/Bugzilla/Auth/Login/CGI.pm
diff options
context:
space:
mode:
Diffstat (limited to 'Bugzilla/Auth/Login/CGI.pm')
-rw-r--r--Bugzilla/Auth/Login/CGI.pm11
1 files changed, 8 insertions, 3 deletions
diff --git a/Bugzilla/Auth/Login/CGI.pm b/Bugzilla/Auth/Login/CGI.pm
index 980e27123..9e008be82 100644
--- a/Bugzilla/Auth/Login/CGI.pm
+++ b/Bugzilla/Auth/Login/CGI.pm
@@ -65,12 +65,17 @@ sub fail_nodata {
->faultstring('Login Required');
}
- # Redirect to SSL if required
- if (Bugzilla->params->{'sslbase'} ne ''
- and Bugzilla->params->{'ssl'} ne 'never')
+ # If system is not configured to never require SSL connections
+ # we want to always redirect to SSL since passing usernames and
+ # passwords over an unprotected connection is a bad idea. If we
+ # get here then a login form will be provided to the user so we
+ # want this to be protected if possible.
+ if ($cgi->protocol ne 'https' && Bugzilla->params->{'sslbase'} ne ''
+ && Bugzilla->params->{'ssl'} ne 'never')
{
$cgi->require_https(Bugzilla->params->{'sslbase'});
}
+
print $cgi->header();
$template->process("account/auth/login.html.tmpl",
{ 'target' => $cgi->url(-relative=>1) })
generated by cgit v1.2.3-24-g4f1b (git 2.32.0) at 2024-05-13 05:28:55 +0200