authorSimon L <szaimen@e.mail.de>2023-04-18 03:18:54 +0200
committerGitHub <noreply@github.com>2023-04-18 03:18:54 +0200
commite10e509452de7f69c64e394a652b46a6ca2cbd95 (patch)
treeb39e01fc3b4ad6078ffc046fb08c916d9953745c
parent96e7eaf2c7899205db4bad848705c584ed41368c (diff)
parentff02b072ae35de6d5757461a1a2ebb51f5bb4d9e (diff)
downloadnextcloud-server-e10e509452de7f69c64e394a652b46a6ca2cbd95.tar.gz
nextcloud-server-e10e509452de7f69c64e394a652b46a6ca2cbd95.zip
Merge pull request #37330 from Al2Klimov/http-enough
Omit "Accessing site insecurely via HTTP." warning if HTTP is secure enough
-rw-r--r--core/js/setupchecks.js2
-rw-r--r--core/js/tests/specs/setupchecksSpec.js24
2 files changed, 1 insertions, 25 deletions
diff --git a/core/js/setupchecks.js b/core/js/setupchecks.js
index b2d021c6265..827696be9ff 100644
--- a/core/js/setupchecks.js
+++ b/core/js/setupchecks.js
@@ -717,7 +717,7 @@
type: OC.SetupChecks.MESSAGE_TYPE_WARNING
});
}
- } else {
+ } else if (!/(?:^(?:localhost|127\.0\.0\.1|::1)|\.onion)$/.exec(window.location.hostname)) {
messages.push({
msg: t('core', 'Accessing site insecurely via HTTP. You are strongly advised to set up your server to require HTTPS instead, as described in the {linkstart}security tips ↗{linkend}.')
.replace('{linkstart}', '<a target="_blank" rel="noreferrer noopener" class="external" href="' + tipsUrl + '">')
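Review bot: The `::1` alternative in the new `else if` condition most likely never matches, because browsers serialise an IPv6 `window.location.hostname` with its brackets (`[::1]`), so plain-HTTP access over the IPv6 loopback would still show the warning. Matching the bracketed form and using `.test()` for a boolean check would read `} else if (!/(?:^(?:localhost|127\.0\.0\.1|\[::1\])|\.onion)$/.test(window.location.hostname)) {`. A short comment above the branch would help the next reader, for example `// Loopback traffic stays on the machine and .onion traffic is encrypted by Tor, so HTTP is acceptable for these hosts`. The spec file in this commit drops the only test for the HTTP warning without adding one that stubs the hostname, so neither the exempt hosts nor the still-warned case is pinned by a test. The enclosing function begins and ends outside this hunk.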
diff --git a/core/js/tests/specs/setupchecksSpec.js b/core/js/tests/specs/setupchecksSpec.js
index 57536c59569..1d7badf495e 100644
--- a/core/js/tests/specs/setupchecksSpec.js
+++ b/core/js/tests/specs/setupchecksSpec.js
@@ -1954,30 +1954,6 @@ describe('OC.SetupChecks tests', function() {
});
});
- it('should return a SSL warning if HTTPS is not used', function(done) {
- protocolStub.returns('http');
- var async = OC.SetupChecks.checkGeneric();
-
- suite.server.requests[0].respond(200,
- {
- 'X-XSS-Protection': '1; mode=block',
- 'X-Content-Type-Options': 'nosniff',
- 'X-Robots-Tag': 'noindex, nofollow',
- 'X-Frame-Options': 'SAMEORIGIN',
- 'X-Permitted-Cross-Domain-Policies': 'none',
- 'Referrer-Policy': 'no-referrer',
- }
- );
-
- async.done(function( data, s, x ){
- expect(data).toEqual([{
- msg: 'Accessing site insecurely via HTTP. You are strongly advised to set up your server to require HTTPS instead, as described in the <a target="_blank" rel="noreferrer noopener" class="external" href="https://docs.example.org/admin-security">security tips ↗</a>.',
- type: OC.SetupChecks.MESSAGE_TYPE_WARNING
- }]);
- done();
- });
- });
-
it('should return an error if the response has no statuscode 200', function(done) {
var async = OC.SetupChecks.checkGeneric();