From 15265c50c234a348e1a1672e30aef08bf727a8cf Mon Sep 17 00:00:00 2001
From: Carlos <28845529+mesacarlos@users.noreply.github.com>
Date: Tue, 24 Sep 2019 11:55:07 +0200
Subject: [PATCH] Prevent connections to no-SSL servers from HTTPS host

---
 README.md                                 | 2 +-
 client/index.html                         | 3 ++-
 client/scripts/WebConsoleJqueryHandler.js | 7 +++++++
 client/scripts/WebConsoleLanguage.js      | 6 ++++++
 4 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index d4b9264..f14ea64 100644
--- a/README.md
+++ b/README.md
@@ -37,7 +37,7 @@ Fill `host`, `port` and `password` values. They are, respectively, your server I
 
 Also, you can modify `language` to view console and command messages in your preferred language. Valid languages are English (`en`), Spanish (`es`), Portuguese (`pt`), Russian (`ru`) and Chinese (`zh`). **IMPORTANT: There is a known issue with Microsoft Windows cmd that shows weird characters when using a language different than English. If you are using Windows to host your server, check [this wiki page](https://github.com/mesacarlos/WebConsole/wiki/Show-local-characters-in-Windows-Console) to solve the problem**.
 
-You can see a tutorial on how to activate SSL [in this link](https://github.com/mesacarlos/WebConsole/wiki/SSL-Configuration). SSL **is not** required for WebConsole to work, you can still use it without encription.
+You can see a tutorial on how to activate SSL [in this link](https://github.com/mesacarlos/WebConsole/wiki/SSL-Configuration). SSL **is not** required for WebConsole to work, you can still use it without encription, unless you are hosting your client in a HTTPS server, in this case is mandatory to enable SSL in all your servers due to web browsers restrictions.
 
 
 ## Using web interface
diff --git a/client/index.html b/client/index.html
index 894af76..5c17b13 100644
--- a/client/index.html
+++ b/client/index.html
@@ -145,6 +145,7 @@
 							<div class="form-check">
 								<input class="form-check-input" type="checkbox" id="server-ssl">
 								<label class="form-check-label" for="server-ssl" id="addServerModalSvSsl">Server is SSL enabled</label>
+								<div class="text-danger" id="addServerModalSslAdvice"></div>
 							</div>
 						</form>
 					</div>
@@ -211,7 +212,7 @@
 		<!-- Webpage footer -->
 		<footer class="footer mt-auto py-3">
 			<div class="container">
-				<span class="text-muted">WebConsole v1.4 - <a href="https://github.com/mesacarlos/WebConsole">GitHub</a></span>
+				<span class="text-muted">WebConsole v1.4 (rev. 1) - <a href="https://github.com/mesacarlos/WebConsole">GitHub</a></span>
 			</div>
 		</footer>
 		
diff --git a/client/scripts/WebConsoleJqueryHandler.js b/client/scripts/WebConsoleJqueryHandler.js
index b10463c..3dffc0f 100644
--- a/client/scripts/WebConsoleJqueryHandler.js
+++ b/client/scripts/WebConsoleJqueryHandler.js
@@ -11,6 +11,13 @@ $(document).ready(function() {
 	$("#serverContainer").hide();
 	setLanguage(persistenceManager.getLanguage());
 	updateServerList();
+
+	//Check SSL host
+	if (location.protocol != 'https:'){
+		$("#addServerModalSslAdvice").hide();
+	}else{
+		$("#server-ssl").prop("disabled", true);
+	}
 });
 
 /**
diff --git a/client/scripts/WebConsoleLanguage.js b/client/scripts/WebConsoleLanguage.js
index 7e31add..7d13994 100644
--- a/client/scripts/WebConsoleLanguage.js
+++ b/client/scripts/WebConsoleLanguage.js
@@ -23,6 +23,7 @@ function setLanguage(locale){
 				"addServerModalSvIp": "Server IP:",
 				"addServerModalSvPort": "WebConsole port:",
 				"addServerModalSvSsl": "Server is SSL enabled",
+				"addServerModalSslAdvice": "SSL is required for HTTPS client connections",
 				"addServerModalClose": "Close",
 				"saveAndConnectServerButton": "Save and connect",
 				"passwordModalLongTitle": "Password required",
@@ -54,6 +55,7 @@ function setLanguage(locale){
 				"addServerModalSvIp": "IP del servidor:",
 				"addServerModalSvPort": "Puerto WebConsole:",
 				"addServerModalSvSsl": "SSL está activado",
+				"addServerModalSslAdvice": "Te estás conectando al cliente por HTTPS, por tanto SSL es obligatorio",
 				"addServerModalClose": "Cerrar",
 				"saveAndConnectServerButton": "Guardar y conectar",
 				"passwordModalLongTitle": "Se necesita contraseña",
@@ -85,6 +87,7 @@ function setLanguage(locale){
 				"addServerModalSvIp": "IP сервера:",
 				"addServerModalSvPort": "Порт WebConsole:",
 				"addServerModalSvSsl": "Сервер с поддержкой SSL",
+				"addServerModalSslAdvice": "",
 				"addServerModalClose": "Закрыть",
 				"saveAndConnectServerButton": "Сохранить и подключить",
 				"passwordModalLongTitle": "Требуется пароль",
@@ -115,6 +118,7 @@ function setLanguage(locale){
 				"addServerModalSvIp": "IP:",
 				"addServerModalSvPort": "Porta(config.yml):",
 				"addServerModalSvSsl": "SSL do servidor está habilitado ?",
+				"addServerModalSslAdvice": "",
 				"addServerModalClose": "Fechar",
 				"saveAndConnectServerButton": "Salvar e conectar",
 				"passwordModalLongTitle": "Necessário uma senha",
@@ -146,6 +150,7 @@ function setLanguage(locale){
 				"addServerModalSvIp": "服务器IP地址:",
 				"addServerModalSvPort": "WebConsole端口:",
 				"addServerModalSvSsl": "服务器已开启SSL",
+				"addServerModalSslAdvice": "",
 				"addServerModalClose": "关闭",
 				"saveAndConnectServerButton": "保存并连接",
 				"passwordModalLongTitle": "需要密码",
@@ -178,6 +183,7 @@ function setLanguage(locale){
 	document.getElementById("addServerModalSvIp").textContent = lang.addServerModalSvIp;
 	document.getElementById("addServerModalSvPort").textContent = lang.addServerModalSvPort;
 	document.getElementById("addServerModalSvSsl").textContent = lang.addServerModalSvSsl;
+	document.getElementById("addServerModalSslAdvice").textContent = lang.addServerModalSslAdvice;
 	document.getElementById("addServerModalClose").textContent = lang.addServerModalClose;
 	document.getElementById("saveAndConnectServerButton").textContent = lang.saveAndConnectServerButton;
 	document.getElementById("passwordModalLongTitle").textContent = lang.passwordModalLongTitle;