Channel: Joomla! Forum - community, help and support

Security in Joomla! 4.x • Some Ajax calls bypassing https and dropping to http

While comparing http to https logs (J4) I noticed a few URLs are coming down in the former (e.g. plaintext) when I'm expecting everything nice & tidy in TLS.

Some of the common players (Shortened for brevity):
GET /administrator/index.php?option=com_joomlaupdate&task=update.ajax&36893(etc)=1
GET /administrator/index.php?option=com_installer&view=update&task=update.ajax&36893(etc)=1skip=224
GET /administrator/index.php?option=com_privacy&task=getNumberUrgentRequests&format=json&36893(etc)
GET /administrator/index.php?option=com_templates&view=templates&task=template.ajax&36893(etc)=1

It's not a lot but I'm worried that my browser may have leaked my administrator session variables & cookies along with those calls. Can anyone direct me if there's an existing discussion on this?

Note: (a) Site is configured to Force HTTPS (b) I could certainly enforce with .htaccess but I feel the browser would still push the sensitive content out there before seeing the 301

Statistics: Posted by KennethH — Tue Oct 15, 2024 8:30 pm
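
Whether the browser attaches cookies to those plaintext requests depends on two response headers: a cookie set without the `Secure` attribute can travel over `http://`, while a cached HSTS policy makes the browser upgrade the request before sending anything. The following is an added example, not part of the original post; it audits a header block such as the output of `curl -sI` against the admin URL, and the sample headers and cookie names are constructed.

```python
# Added example: audit response headers for plaintext cookie exposure.
# SAMPLE_HEADERS is constructed for illustration, not captured from a real site.

SAMPLE_HEADERS = """\
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Set-Cookie: constructed_session=constructedvalue; path=/; HttpOnly
Set-Cookie: constructed_pref=1; path=/; secure; HttpOnly; SameSite=Lax
"""


def parse_headers(raw):
    """Return (name, value) pairs from a raw header block, skipping the status line."""
    pairs = []
    for line in raw.splitlines():
        if ":" in line and not line.startswith("HTTP/"):
            name, _, value = line.partition(":")
            pairs.append((name.strip().lower(), value.strip()))
    return pairs


def hsts_active(pairs):
    """True if Strict-Transport-Security is present with max-age greater than zero."""
    for name, value in pairs:
        if name == "strict-transport-security":
            for directive in value.split(";"):
                key, _, val = directive.strip().partition("=")
                if key.lower() == "max-age" and val.strip('"').isdigit():
                    return int(val.strip('"')) > 0
    return False


def cookies_exposed_over_http(raw):
    """Names of cookies a browser may attach to an http:// request to this host."""
    pairs = parse_headers(raw)
    if hsts_active(pairs):
        # Once the policy is cached, the browser upgrades http:// to https:// itself.
        return []
    exposed = []
    for name, value in pairs:
        if name == "set-cookie":
            parts = [p.strip() for p in value.split(";")]
            attrs = {p.partition("=")[0].lower() for p in parts[1:]}
            if "secure" not in attrs:
                exposed.append(parts[0].partition("=")[0])
    return exposed


if __name__ == "__main__":
    print(cookies_exposed_over_http(SAMPLE_HEADERS))
```

HSTS only protects a browser that has already received the header over HTTPS (or a host on the preload list), so the `Secure` attribute is the check that matters for a first visit.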
