This repository was archived by the owner on Oct 6, 2021. It is now read-only.
This repository was archived by the owner on Oct 6, 2021. It is now read-only.
Insecure links and loading #200
Description
- Check this box if this is a security vulnerability.
Summary
Airship keeps trying to load things over http and submit forms over http even when the current page is served over https. As a result, I can't log in and I'm getting console errors.
Expected Outcome
I could log into the bridge and start doing things with my airship
What Actually Happened
bridge:11 Refused to load the stylesheet 'http://xxx.xxx.com/bridge/motif_extra.css' because it violates the following Content Security Policy directive: "style-src 'self' 'unsafe-inline'".
bridge:35 Mixed Content: The page at 'https://xxx.xxx.com/bridge' was loaded over a secure connection, but contains a form that targets an insecure endpoint 'http://xxx.xxx.com/bridge/login'. This endpoint should be made available over a secure connection.
bridge:1 Refused to load the stylesheet 'http://xxx.xxx.com/bridge/motif_extra.css' because it violates the following Content Security Policy directive: "style-src 'self' 'unsafe-inline'".
Submitting the form does nothing.