fix

Author: wxiaoguang

web_src/js/features/common-page.ts

@@ -91,3 +91,12 @@ export function checkAppUrl() {
   showGlobalErrorMessage(`Your ROOT_URL in app.ini is "${appUrl}", it's unlikely matching the site you are visiting.
 Mismatched ROOT_URL config causes wrong URL links for web UI/mail content/webhook notification/OAuth2 sign-in.`, 'warning');
 }
+
+export function checkAppUrlScheme() {
+  const curUrl = window.location.href;
+  // some users visit "http://domain" while appUrl is "https://domain", COOKIE_SECURE makes it impossible to sign in
+  if (curUrl.startsWith('http:') && appUrl.startsWith('https:')) {
+    showGlobalErrorMessage(`Your ROOT_URL in app.ini "${appUrl}" uses HTTPS, it doesn't match the HTTP site you are visiting.
+Mismatched ROOT_URL config would cause problems for sign-in/sign-up, etc.`, 'warning');
+  }
+}

web_src/js/features/user-auth.ts

@@ -1,15 +1,17 @@
-import {checkAppUrl} from './common-page.js';
+import {checkAppUrl, checkAppUrlScheme} from './common-page.ts';
 
 export function initUserCheckAppUrl() {
   if (!document.querySelector('.page-content.user.signin, .page-content.user.signup, .page-content.user.link-account')) return;
-  checkAppUrl();
+  checkAppUrlScheme();
 }
 
 export function initUserAuthOauth2() {
   const outer = document.querySelector('#oauth2-login-navigator');
   if (!outer) return;
   const inner = document.querySelector('#oauth2-login-navigator-inner');
 
+  checkAppUrl();
+
   for (const link of outer.querySelectorAll('.oauth-login-link')) {
     link.addEventListener('click', () => {
       inner.classList.add('tw-invisible');