Login process does not work unless HTTP_ALLOWED is set to TRUE

[bradkeller]

I have deployed the container using the default config, when it is in this state it allows the creation of an account but attempts to login just refresh the page. If I change HTTP_ALLOWED to FALSE the login process succeeds. Changing it back the login process fails again.

services:
  convertx: 
    image: ghcr.io/c4illin/convertx
    ports:
      - "3002:3000"
    environment: # Defaults are listed below. All are optional.
      - ACCOUNT_REGISTRATION=false # true or false, doesn't matter for the first account (e.g. keep this to false if you only want one account)
      - JWT_SECRET=aLongAndSecretStringUsedToSignTheJSONWebToken1234 # will use randomUUID() by default
      - HTTP_ALLOWED=false # setting this to true is unsafe, only set this to true locally
    volumes:
      - /home/brakelle/config/convertx:/app/data

Edit: This is when using v0.1.1 #

[C4illin]

HTTP_ALLOWED sets the login cookie to allow http traffic, so it only affects the login flow like you discovered. And that's also why it is needed when accessing the website without https. Or are you visiting it over https?

[C4illin]

Now when reading it again I am a little confused when it fails and doesn't fail since the title and the body suggests different things.