From patchwork Mon Dec 14 09:07:43 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Petr_=C5=A0tetiar?= X-Patchwork-Id: 1415853 X-Patchwork-Delegate: ynezz@true.cz Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.openwrt.org (client-ip=2001:8b0:10b:1231::1; helo=merlin.infradead.org; envelope-from=openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=true.cz Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; secure) header.d=lists.infradead.org header.i=@lists.infradead.org header.a=rsa-sha256 header.s=merlin.20170209 header.b=jkW92AAi; dkim-atps=neutral Received: from merlin.infradead.org (merlin.infradead.org [IPv6:2001:8b0:10b:1231::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4CvbFw5PHrz9sSC for ; Mon, 14 Dec 2020 20:10:28 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:MIME-Version:Message-Id:Date:Subject:To:From: Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender :Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Owner; bh=NozWiPe9PHxU7sjI0IQ50w0E0/s3Hr7top6lvpw+DSg=; b=jkW92AAi0TQzUVQowKPy6TdpEl vThui2WIyPP4uNEjnQ7ZAQAS/720kHi/clunComUKpv303WVqOKLqc5+zmBSJlgdGpx3VKCz4RV+V fujI+r2Pas/DpudCM+ABJpjdgEb1bgZV5PnWKxWV9lThXPl937i8nSqqh7M2E464khv+jJyrZ8mjs sh5b/WJBVvAR4G1me89f2up5Q3y+EoWfEXgJft+wEBktKNDlKUHLj9kWF0W4nPqvRSkaEUfoj6MxI o5pcG5VJqogPmfhNusd+SqapDFzfwHkV93/LuqZuMJzSnadeOPDFuCX1OAFvK9KH8pA02PFnSaJS0 S0GT1Puw==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1kojpi-0000ci-UH; Mon, 14 Dec 2020 09:07:54 +0000 Received: from smtp-out.xnet.cz ([178.217.244.18]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1kojpf-0000cO-LG for openwrt-devel@lists.openwrt.org; Mon, 14 Dec 2020 09:07:52 +0000 Received: from meh.true.cz (meh.true.cz [108.61.167.218]) (Authenticated sender: petr@true.cz) by smtp-out.xnet.cz (Postfix) with ESMTPSA id 600C418533; Mon, 14 Dec 2020 10:07:48 +0100 (CET) Received: by meh.true.cz (OpenSMTPD) with ESMTP id a7b5f9b8; Mon, 14 Dec 2020 10:07:30 +0100 (CET) From: =?utf-8?q?Petr_=C5=A0tetiar?= To: openwrt-devel@lists.openwrt.org Subject: [PATCH] uhttpd: don't redirect to HTTPS by default Date: Mon, 14 Dec 2020 10:07:43 +0100 Message-Id: <20201214090743.14651-1-ynezz@true.cz> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20201214_040751_881959_A362B646 X-CRM114-Status: GOOD ( 19.31 ) X-Spam-Score: 0.0 (/) X-Spam-Report: SpamAssassin version 3.4.4 on merlin.infradead.org summary: Content analysis details: (0.0 points) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.0 SPF_NONE SPF: sender does not publish an SPF Record X-BeenThere: openwrt-devel@lists.openwrt.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: OpenWrt Development List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: =?utf-8?q?Petr_=C5=A0tetiar?= Sender: "openwrt-devel" Errors-To: openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org So we can ship px5g-wolfssl by default in the release image, but still make the HTTPS for LuCI optional. This small change with addition of `CONFIG_PACKAGE_px5g-wolfssl=y` into the buildbot's seed config for the next release should provide optional HTTPS in the next release. Disabling the current default automatic uhttpd's redirect to HTTPS should make the HTTPS optional. That's it, user would either need to switch to HTTPS by manually switching to https:// protocol in the URL or by issuing the following commands to make the HTTPS automatic redirect permanent: $ uci set uhttpd.main.redirect_https=1 $ uci commit uhttpd $ service uhttpd reload Signed-off-by: Petr Štetiar Acked-by: Paul Spooren --- package/network/services/uhttpd/files/uhttpd.config | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package/network/services/uhttpd/files/uhttpd.config b/package/network/services/uhttpd/files/uhttpd.config index aeded08afc95..40ce67fd010f 100644 --- a/package/network/services/uhttpd/files/uhttpd.config +++ b/package/network/services/uhttpd/files/uhttpd.config @@ -10,7 +10,7 @@ config uhttpd main list listen_https [::]:443 # Redirect HTTP requests to HTTPS if possible - option redirect_https 1 + option redirect_https 0 # Server document root option home /www