Pi-Hole/web
1
0
Fork 0
mirror of https://github.com/pi-hole/web.git synced 2025-12-19 18:28:24 +00:00
Code Issues Packages Projects Releases Wiki Activity

Move the decision whether we are showing the no-HTTPS warning from server-side (where no https may be used when a reverse proxy is used) to user-side where this is more definite

Browse Source 
Signed-off-by: DL6ER <dl6er@dl6er.de>
This commit is contained in:
DL6ER
2025-03-06 17:49:29 +01:00
parent 97d3a22559
commit a5e2c627a4
4 changed files with 9 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
scripts/js/settings-teleporter.js
View File

@@ -105,3 +105,10 @@ $("#GETTeleporter").on("click", function () {
},
});
});
$(function () {
// Show warning if not accessed over HTTPS
if (location.protocol !== "https:") {
$("#encryption-warning").show();
}
});

2
scripts/lua/footer.lp
View File

@@ -68,6 +68,6 @@ end
<!-- ./wrapper -->
<script src="<?=pihole.fileversion('scripts/js/footer.js')?>"></script>
<div id="advanced-info-data" style="display: none;" data-starttime="<?=starttime?>" data-endtime="<?=mg.time(true)?>" data-client-ip="<?=mg.request_info.remote_addr?>" data-tls="<?=tostring(is_secure)?>" data-xff="<?=x_forwarded_for?>"></div>
<div id="advanced-info-data" style="display: none;" data-starttime="<?=starttime?>" data-endtime="<?=mg.time(true)?>" data-client-ip="<?=mg.request_info.remote_addr?>" data-xff="<?=x_forwarded_for?>"></div>
</body>
</html>

3
scripts/lua/header.lp
View File

@@ -39,9 +39,6 @@ function in_array (val, tab)
return false
end
-- Connection is considered secure if running natively on HTTPS
is_secure = mg.request_info.https
-- Variable to check if user is already authenticated
is_authenticated = mg.request_info.is_authenticated

2
settings-teleporter.lp
View File

@@ -21,7 +21,7 @@ mg.include('scripts/lua/settings_header.lp','r')
</div>
<div class="box-body">
<p><strong>Warning:</strong><br>This archive contains sensitive information about your Pi-hole installation, e.g. your 2FA-TOTP secret (if enabled). Please be careful with this file and do not share it with anyone even if they claim to help you.</p>
<? if not is_secure then ?><p class='text-danger'><strong>Warning:</strong><br>You are currently not using an end-to-end encryption. This means that secrets like your 2FA-TOTP secret will be transmitted in plain text. We recommend to use HTTPS when exporting your configuration.</p><? end ?>
<p class='text-danger' id="encryption-warning" style="display: none;"><strong>Warning:</strong><br>You are currently not using an end-to-end encryption. This means that secrets like your 2FA-TOTP secret will be transmitted in plain text. We recommend to use HTTPS when exporting your configuration.</p>
<div class="pull-right">
<a class="btn btn-app btn-success" id="GETTeleporter" target="_blank">
<i class="fa fa-save fa-xl"></i><br>Export