Jamie Cameron

An rsync module is still a good suggestion, but we haven't gotten to it yet.

What effect will this have in practice? I found that with the current code, the error message isn't even visible as it's immediately redirected away ..

I'm worried though that if the JS does fail entirely, the user will just see an empty page and have no idea what to do ..

> and if that fails a user would be able to just click the link But that's basically how it works before this PR?

Honestly I think this change is just getting too complex for the problem it's solving. Let's just leave the current code, which works fine even if occasionally the user sees...

Also, I wonder if there's an HTTP header that we can set which provides a hint that the browser should upgrade to HTTPS?

I don't see any security risk of users accessing Webmin in HTTP mode, because miniserv is unable to parse the request anyway, so it will never serve any content. For...

Aren't we protected from clients sending cookies in the wrong mode via the `secure` tag that's added to cookies here : https://github.com/webmin/webmin/blob/master/miniserv.pl#L4263

Agreed, I think the HSTS header is a good idea ... Although, what if a user has Webmin proxied from HTTP to HTTPS?

We should log these to /var/webmin/miniserv.error already ?