Ilia Ross
Ilia Ross
> Also, I wonder if there's an HTTP header that we can set which provides a hint that the browser should upgrade to HTTPS? As far as I'm aware there...
> I don't see any security risk of users accessing Webmin in HTTP mode, because miniserv is unable to parse the request anyway, so it will never serve any content....
I'm not sure about that, sorry.
Also, it (secure cookie) doesn't protect against various downgrade attacks. The topic `secure cookie vs hsts` is discussed widely. I suggest having both is the right choice nowadays.
> Although, what if a user has Webmin proxied from HTTP to HTTPS? I assume that would be a problem of a proxy and its configuration. Besides, it wouldn't work...
The additional problem that comes with this is a lost buffer. It seems that it closes already opened project and then re-opens it. It results in smaller window size and...
Great! Thanks!
> It is certainly possible. It could be a valid feature request. Any luck with that?
Any progress with it? :slightly_smiling_face:
@troysjanda What is the output of the following command when run from the system where you see that false-positive update message? ``` curl https://www.virtualmin.com/software-latest ```