Commit cbcd1582 authored by Sietse Ringers's avatar Sietse Ringers
Browse files

fix: don't enforce https for callback url's in production mode

parent fada009f
Pipeline #30195 failed with stages
in 1 minute and 44 seconds
......@@ -554,12 +554,7 @@ func (s *Server) doResultCallback(result *server.SessionResult) {
logger := s.conf.Logger.WithFields(logrus.Fields{"session": result.Token, "callbackUrl": callbackUrl})
if !strings.HasPrefix(callbackUrl, "https") {
if s.conf.Production {
logger.Error("Not POSTing session result to callback URL without TLS: attributes would be unencrypted in transit")
return
} else {
logger.Warn("POSTing session result to callback URL without TLS: attributes are unencrypted in traffic")
}
logger.Warn("POSTing session result to callback URL without TLS: attributes are unencrypted in traffic")
} else {
logger.Debug("POSTing session result")
}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment