Registration form submits to non-secure URL even when retrieved from HTTPS address

PYuen1029 / fooDNB

A web app to track leftovers for Food Not Bombs

0 stars 0 forks source link

Registration form submits to non-secure URL even when retrieved from HTTPS address #1

Open fabacab opened 9 years ago

fabacab commented 9 years ago

On https://foodnb.herokuapp.com/auth/register the <form>'s action attribute points at http://foodnb.herokuapp.com/auth/register when it should point to an https address.

fabacab commented 9 years ago

This is also an issue on the logout link, by the way.

fabacab commented 9 years ago

Also the login form.

fabacab commented 9 years ago

Ooh, and when I manually enforce an HTTPS POST to the login form, my login fails and I'm redirected back to the login page. This means it is not possible to securely log into the app even though the form pages are served over HTTPS.