Skip to content
GitLab
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
Menu
Open sidebar
IRMA
Github mirrors
irmago
Commits
cbcd1582
Commit
cbcd1582
authored
Sep 25, 2019
by
Sietse Ringers
Browse files
fix: don't enforce https for callback url's in production mode
parent
fada009f
Pipeline
#30195
failed with stages
in 1 minute and 44 seconds
Changes
1
Pipelines
1
Hide whitespace changes
Inline
Side-by-side
server/requestorserver/server.go
View file @
cbcd1582
...
...
@@ -554,12 +554,7 @@ func (s *Server) doResultCallback(result *server.SessionResult) {
logger
:=
s
.
conf
.
Logger
.
WithFields
(
logrus
.
Fields
{
"session"
:
result
.
Token
,
"callbackUrl"
:
callbackUrl
})
if
!
strings
.
HasPrefix
(
callbackUrl
,
"https"
)
{
if
s
.
conf
.
Production
{
logger
.
Error
(
"Not POSTing session result to callback URL without TLS: attributes would be unencrypted in transit"
)
return
}
else
{
logger
.
Warn
(
"POSTing session result to callback URL without TLS: attributes are unencrypted in traffic"
)
}
logger
.
Warn
(
"POSTing session result to callback URL without TLS: attributes are unencrypted in traffic"
)
}
else
{
logger
.
Debug
(
"POSTing session result"
)
}
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment