Open bradkeller opened 1 month ago
HTTP_ALLOWED sets the login cookie to allow http traffic, so it only affects the login flow like you discovered. And that's also why it is needed when accessing the website without https. Or are you visiting it over https?
Now when reading it again, I am a little confused about when it fails and doesn't fail, since the title and the body suggest different things.
I have deployed the container using the default config. When it is in this state, it allows the creation of an account, but attempts to log in just refresh the page. If I change HTTP_ALLOWED to FALSE, the login process succeeds. Changing it back, the login process fails again.
Edit: This is when using v0.1.1