From ce2c89aa50f69323e1f66bb2b44ae7c3312daec7 Mon Sep 17 00:00:00 2001
From: Tom Hacohen
Date: Wed, 13 Dec 2017 15:48:44 +0000
Subject: [PATCH] Login form: disallow connecting to HTTP addresses in production.

---
 src/LoginForm.tsx | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/src/LoginForm.tsx b/src/LoginForm.tsx
index c84dd12..9cf310a 100644
--- a/src/LoginForm.tsx
+++ b/src/LoginForm.tsx
@@ -73,9 +73,18 @@ class LoginForm extends React.Component {
 if (!encryptionPassword) {
 errors.errorEncryptionPassword = fieldRequired;
 }
+
+ if (process.env.NODE_ENV !== 'development') {
+ if (this.state.showAdvanced && !this.state.server.startsWith('https://')) {
+ errors.errorServer = 'Server URI must start with https://';
+ }
+ }
+
 if (Object.keys(errors).length) {
 this.setState({errors: errors});
 return;
+ } else {
+ this.setState({errors: {}});
 }
 
 this.props.onSubmit(username, password, encryptionPassword, server);
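Review bot: The HTTPS check in the added block tests `this.state.server`, and only when `this.state.showAdvanced` is true, while the value handed to `this.props.onSubmit` is the local `server`, whose definition lies outside this hunk. If `server` can still carry a typed-in address while the advanced section is collapsed, an `http://` URI would pass validation and the password and encryption password could be sent over an unencrypted connection. Validating the value that is actually submitted closes that gap, e.g. `if (server && !server.startsWith('https://')) {`. The enclosing method starts and ends outside the hunk, so this should be confirmed against how `server` is derived. Since this is a form-level check only, the code that opens the connection would ideally enforce the same scheme rule.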