Enforce HTTPS link in mail

[kosli]

Hi

I have the self-service-password tool as a docker image which is automatically proxied thru a let's encrypt HTTPS proxy docker, which means that the tool itself is reached via a HTTP url. Still the users accesses it via HTTPS. The URL that is generated in the mail for a password reset, is still using HTTP (because the tool itself sees only the HTTP access). Would it be possible to add a config option to enforce HTTPS urls? or even provide the "base URL"?

Thanks for this great tool!

KoS

[plewin]

Hi Kosli,

The reset URL can be customized in the config file.

self-service-password/conf/config.inc.php

Line 190 in e90645d

#$reset_url = $_SERVER['HTTP_X_FORWARDED_PROTO'] . "://" . $_SERVER['HTTP_X_FORWARDED_HOST'] . $_SERVER['SCRIPT_NAME'];

Which docker image are you using ? You may want to check if your docker image supports this feature.

# Reset URL (if behind a reverse proxy)
#$reset_url = $_SERVER['HTTP_X_FORWARDED_PROTO'] . "://" . $_SERVER['HTTP_X_FORWARDED_HOST'] . $_SERVER['SCRIPT_NAME'];

[kosli]

@plewin OMG, i have completely overseen that option, shame on me!
Just changed it, works like a charm.
I am using the Docker image here https://github.com/grams/docker-LTB-self-service-password which I have updated to v1.0 of the tool.