prevent http redirection

iOSClient/Login/NCLoginWeb.swift

@@ -131,6 +131,16 @@ extension NCLoginWeb: WKNavigationDelegate {
         
         let urlString: String = url.absoluteString.lowercased()
         
+        // prevent http redirection
+        if urlBase.lowercased().hasPrefix("https://") && urlString.lowercased().hasPrefix("http://") {
+            let alertController = UIAlertController(title: NSLocalizedString("_error_", comment: ""), message: NSLocalizedString("_prevent_http_redirection_", comment: ""), preferredStyle: .alert)
+            alertController.addAction(UIAlertAction(title: NSLocalizedString("_ok_", comment: ""), style: .default, handler: { action in
+                _ = self.navigationController?.popViewController(animated: true)
+            }))
+            self.present(alertController, animated: true)
+            return
+        }
+        
         if (urlString.hasPrefix(NCBrandOptions.shared.webLoginAutenticationProtocol) == true && urlString.contains("login") == true) {
             
             var server: String = ""

iOSClient/Supporting Files/en.lproj/Localizable.strings

@@ -176,6 +176,7 @@
 "_copy_failed_"             = "Copy failed";
 "_certificate_installed_"   = "Certificate installed";
 "_want_delete_account_"     = "Do you want to delete the account %@";
+"_prevent_http_redirection_"= "The redirection in http is not permitted";
 
 /* Background of the file listing view */
 "_use_as_background_"       = "Use it as a background";