mirror of https://github.com/keeweb/keeweb.git
Require https on start: some browser APIs are not available when the app is loaded via HTTP, it's better to fail fast.
This commit is contained in:
parent
23477e1d2f
commit
e889f5f5ba
|
@ -111,20 +111,15 @@ ready(() => {
|
|||
return Promise.resolve().then(() => {
|
||||
const skipHttpsWarning = localStorage.skipHttpsWarning || appModel.settings.get('skipHttpsWarning');
|
||||
const protocolIsInsecure = ['https:', 'file:', 'app:'].indexOf(location.protocol) < 0;
|
||||
const hostIsInsecure = location.hostname !== 'localhost';
|
||||
const hostIsInsecure = location.hostname !== 'localhost2';
|
||||
if (protocolIsInsecure && hostIsInsecure && !skipHttpsWarning) {
|
||||
return new Promise(resolve => {
|
||||
Alerts.error({
|
||||
header: Locale.appSecWarn, icon: 'user-secret', esc: false, enter: false, click: false,
|
||||
body: Locale.appSecWarnBody1 + '<br/><br/>' + Locale.appSecWarnBody2,
|
||||
buttons: [
|
||||
{result: '', title: Locale.appSecWarnBtn, error: true}
|
||||
],
|
||||
complete: () => {
|
||||
showView();
|
||||
resolve();
|
||||
}
|
||||
});
|
||||
Alerts.error({
|
||||
header: Locale.appSecWarn, icon: 'user-secret', esc: false, enter: false, click: false,
|
||||
body: Locale.appSecWarnBody1,
|
||||
buttons: [],
|
||||
complete: () => {
|
||||
showView();
|
||||
}
|
||||
});
|
||||
} else {
|
||||
showView();
|
||||
|
|
|
@ -282,9 +282,7 @@
|
|||
"autoTypeNoMatches": "no matches",
|
||||
|
||||
"appSecWarn": "Not Secure!",
|
||||
"appSecWarnBody1": "You have loaded this app with an insecure connection. Someone may be watching you and stealing your passwords. We strongly advise you to stop, unless you clearly understand what you're doing.",
|
||||
"appSecWarnBody2": "Yes, your database is encrypted but no one can guarantee that the app has not been modified on the way to you.",
|
||||
"appSecWarnBtn": "I understand the risks, continue",
|
||||
"appSecWarnBody1": "You have loaded this app with an insecure connection, please host it on HTTPS.",
|
||||
"appUnsavedWarn": "Unsaved changes!",
|
||||
"appUnsavedWarnBody": "You have unsaved files, if you close the app, changes will be lost.",
|
||||
"appDontExitBtn": "Don't exit",
|
||||
|
|
|
@ -5,6 +5,7 @@ Release notes
|
|||
`-` fixed calendar colors
|
||||
`+` option to open a keyfile from command line
|
||||
`+` master password confirmation
|
||||
`*` https is now required
|
||||
|
||||
##### v1.6.3 (2017-12-11)
|
||||
`-` fixed Windows installer upgrade issue
|
||||
|
|
Loading…
Reference in New Issue