Excerpts from Simon HANNA's message of June 14, 2017 1:06 pm:
You are supposed to force https in the webserver, serving postorius and hyperkitty. Especially in postorius almost all pages contain sensitive information.
On June 14, 2017 10:05:59 PM GMT+02:00, Bill <bill3@uniserve.com> wrote:
Hi folks,
We're setting up Mailman 3.1 and so far installation has been good and we're now in the testing phase.
We've run into a snag with the account signup function on Postorius.
When Postorius sends an email to the user to confirm their address, it displays a link using the https protocol. This doesn't work. But, if we
manually change the protocol to http it will work, confirm the address and take us back to Postorius.
Is this a known bug or have we committed a configuration error?
I agree to Simon's suggestion that you should use HTTPS for all communications for Postorius. However, if you really want to, it is possible to change the behavior using a configuration parameter in django-allauth which is what controls the user signup and email verification.
ACCOUNT_DEFAULT_HTTP_PROTOCOL (=”http”)
If you set the above to "http" in your django's settings.py, it should then generate urls with http.
Message-ID: <draft-878tktptc9.fsf@gmail.com> Date: Thu, 15 Jun 2017 01:07:18 -0700 X-Notmuch-Emacs-Draft: True
-- thanks, Abhilash Raj