Enforce TLS when HTTPS Mode is enabled #1092

@DigitalDJ

A note for the community

Note

Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request.

Disclaimer

  • I have read and understood the disclaimer.
  • I plan to implement the feature myself.

Subsystem

{"UI" => "Application"}

Feature description

Currently, when HTTPS mode is enabled, the server still responds normally via HTTP.

It is preferred that there is an option to redirect all HTTP requests to HTTPS to prevent any credential or token leakage.

This would help prevent any MITM attacks, either via sniffing traffic or downgrading HTTPS to HTTP.

Currently, the initial login sends the login password in plaintext in a POST request. This is easily obtainable without the use of TLS.

Combined with HSTS headers, this would force browsers to always connect to the JetKVM securely when a user accesses the host via plain HTTP.
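The redirect-plus-HSTS behaviour requested above, as an added Go sketch that is not part of the original issue and is not JetKVM's code. The handler names, the ports, the `cert.pem`/`key.pem` file names and the `max-age` value are assumptions made for illustration.

```go
package main

import (
	"log"
	"net"
	"net/http"
	"strings"
)

// Assumed policy: one year. Use a short max-age while testing, because
// browsers cache it and refuse plain HTTP to this host until it expires.
const hstsValue = "max-age=31536000"

// redirectToHTTPS (hypothetical name) is the whole plain-HTTP listener: every
// request is answered with a 308 to the same host, path and query over HTTPS.
// The first plain-HTTP request has already crossed the wire in cleartext;
// HSTS is what stops the browser from sending the next one that way.
func redirectToHTTPS(httpsPort string) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		host := r.Host
		if h, _, err := net.SplitHostPort(host); err == nil {
			host = h // drop the HTTP port, if one was given
		}
		host = strings.Trim(host, "[]") // bare IPv6 literal; JoinHostPort re-brackets it
		target := "https://" + net.JoinHostPort(host, httpsPort) + r.URL.RequestURI()
		http.Redirect(w, r, target, http.StatusPermanentRedirect)
	})
}

// withHSTS (hypothetical name) wraps the application's handler on the TLS
// listener. The header is only sent over TLS: browsers ignore it on plain HTTP.
func withHSTS(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.TLS != nil {
			w.Header().Set("Strict-Transport-Security", hstsValue)
		}
		next.ServeHTTP(w, r)
	})
}

func main() {
	app := http.NewServeMux() // stands in for the application's real router
	go func() { log.Fatal(http.ListenAndServe(":80", redirectToHTTPS("443"))) }()
	log.Fatal(http.ListenAndServeTLS(":443", "cert.pem", "key.pem", withHSTS(app)))
}
```

Per RFC 6797, browsers ignore the HSTS header on connections that have certificate errors or warnings, so the policy only takes effect once the device presents a certificate the browser trusts.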
