// Require using the same protocol that was used for logging in
if ((aRequest.getSession()->getSessionType() == Session::TYPE_SECURE) != aIsSecure) {
aRequest.setResponseErrorStr("Protocol mismatch");
return websocketpp::http::status_code::not_acceptable;
}
Current UI and client versions:
Built from develop
Steps to reproduce the issue:
http://127.0.0.1:5600/api/v1/search
using Basic auth, works as expected.https://127.0.0.1:5601/api/v1/search
using Basic auth, returnsProtocol mismatch
At this point
aIsSecure = true
but we haveSession:TYPE_BASIC_AUTH
and notSession:TYPE_SECURE
so we getProtocol mismatch
back.https://github.com/airdcpp-web/airdcpp-webclient/blob/develop/airdcpp-webapi/web-server/ApiRouter.cpp#L125-L129