View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0011196 | Taler | deployment and operations | public | 2026-03-04 23:02 | 2026-03-17 15:43 |
| Reporter | avalos | Assigned To | vecirex | ||
| Priority | urgent | Severity | major | Reproducibility | have not tried |
| Status | resolved | Resolution | fixed | ||
| Target Version | 1.5 | Fixed in Version | 1.5 | ||
| Summary | 0011196: taler+http:// prefix used for QR template in iOS | ||||
| Description | The merchant was running a somewhat old iOS version on an iPad (don't know the exact version), and the QR template showed with the `taler+http://` prefix, which caused issues with the wallet regarding the non-HTTPS policy. | ||||
| Tags | No tags attached. | ||||
| Attached Files | |||||
|
|
Ok, first of all my.taler-ops.ch INCORRECTLY *allows* HTTP! That's very bad, it should force-redirect clients from HTTP to HTTPS. In addition, we probably have some logic in Nginx that tells the taler-merchant-backend what protocol the client used, and then in combination we get to taler+http:// because the backend sees it is used via HTTP. So urgent fix: Always redirect http to https. Specifcally, do NOT allow this: $ telnet my.taler-ops.ch 80 Trying 2a01:4f8:1c1b:b857::1... Connected to my.taler-ops.ch. Escape character is '^]'. GET / HTTP/1.1 Host: my.taler-ops.ch HTTP/1.1 302 Found Server: nginx Date: Fri, 06 Mar 2026 14:39:11 GMT Content-Type: text/plain Content-Length: 22 Connection: keep-alive Access-Control-Allow-Origin: * Access-Control-Expose-Headers: * Location: /webui/ Redirecting to /webui/^ |
|
|
True that, fixed; w/ ACME exception for certbot; cf. sysadmin git:kamek@magikoopa ~ % curl -I http://my.taler-ops.ch/ HTTP/1.1 302 Found Server: nginx Date: Tue, 17 Mar 2026 14:18:33 GMT Content-Type: text/plain Content-Length: 22 Connection: keep-alive Access-Control-Allow-Origin: * Access-Control-Expose-Headers: * Location: /webui/ kamek@magikoopa ~ % curl -I http://my.taler-ops.ch/ HTTP/1.1 301 Moved Permanently Server: nginx Date: Tue, 17 Mar 2026 14:25:24 GMT Content-Type: text/html Content-Length: 162 Connection: keep-alive Location: https://my.taler-ops.ch/ |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2026-03-04 23:02 | avalos | New Issue | |
| 2026-03-04 23:02 | avalos | File Added: image.png | |
| 2026-03-06 15:41 | Christian Grothoff | Note Added: 0028018 | |
| 2026-03-06 15:41 | Christian Grothoff | Assigned To | => vecirex |
| 2026-03-06 15:41 | Christian Grothoff | Status | new => assigned |
| 2026-03-06 15:42 | Christian Grothoff | Priority | normal => urgent |
| 2026-03-06 15:42 | Christian Grothoff | Severity | minor => major |
| 2026-03-06 15:42 | Christian Grothoff | Category | merchant backoffice SPA => deployment and operations |
| 2026-03-06 15:42 | Christian Grothoff | Target Version | => 1.5 |
| 2026-03-17 15:27 | vecirex | Note Added: 0028144 | |
| 2026-03-17 15:28 | vecirex | Status | assigned => resolved |
| 2026-03-17 15:28 | vecirex | Resolution | open => fixed |
| 2026-03-17 15:29 | Christian Grothoff | Fixed in Version | => 1.5 |
| 2026-03-17 15:43 | vecirex | Note Edited: 0028144 |
