thirtybees / coreupdater

thirty bees module for updating thirty bees core.
Academic Free License v3.0

CORS policy: mixing http and https protocols #15

Closed getdatakick closed 3 years ago

getdatakick commented 3 years ago

Update fails on CORS policy when logged in to administration using the http:// protocol while SSL is enabled.

Access to XMLHttpRequest at 'https://server/coreupdater.php?ts' from origin 'http://server' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Core updater generates the update URL with the https:// schema, but the browser will block it because the page was generated over the http:// schema.

Dh42 commented 3 years ago

Now would be the time to enforce https for the back office by default, if it is set for the front office.

getdatakick commented 3 years ago

> Now would be the time to enforce https for the back office by default, if it is set for the front office.

I agree, tb should be more strict about this. I've created issue thirtybees/thirtybees#1353 to track this.
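The failure reported in this thread comes down to the scheme being part of the origin, so `http://server` and `https://server` are different origins even on the same host. The sketch below is an added example, not part of the thread and not coreupdater code; the function names and the `/admin/index.php` path are assumptions. It shows the origin comparison, an endpoint built from the page's own origin, and the redirect decision suggested in the comments.

```javascript
// Added illustration, not coreupdater code; all function names are hypothetical.

// An origin is the (scheme, host, port) triple. URL.origin normalises default
// ports, so http://server and http://server:80 share one origin, while
// http://server and https://server never do.
function isSameOrigin(pageUrl, requestUrl) {
  return new URL(pageUrl).origin === new URL(requestUrl, pageUrl).origin;
}

// Resolve the endpoint against the origin of the page the admin actually
// loaded, so the XHR inherits that page's scheme, host and port.
function endpointFor(pageUrl, path) {
  return new URL(path, new URL(pageUrl).origin).href;
}

// Enforcement option: with SSL enabled, an http:// back-office URL is
// redirected to https:// before any page is served.
// Returns the redirect target, or null when no redirect is needed.
function backOfficeRedirect(pageUrl, sslEnabled) {
  const u = new URL(pageUrl);
  if (!sslEnabled || u.protocol === 'https:') return null;
  u.protocol = 'https:';
  return u.href;
}

// Constructed sample values modelled on the error message in the issue.
const samplePage = 'http://server/admin/index.php';
const generatedUrl = 'https://server/coreupdater.php?ts';

console.log('generated URL same-origin:', isSameOrigin(samplePage, generatedUrl));
console.log('origin-relative endpoint: ', endpointFor(samplePage, '/coreupdater.php?ts'));
console.log('redirect with SSL enabled:', backOfficeRedirect(samplePage, true));
```

Either approach removes the cross-origin request; redirecting the back office to https additionally keeps the admin session off plain http.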