Forwarded to devs allow_insecure_sites=false locked SSL options in customer level

[nethubonline]

User name: nethubonline

TITLE

allow_insecure_sites=false locked SSL options in customer level

PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE

Plesk Obsidian Version 18.0.28 Update #2

PROBLEM DESCRIPTION

Service plan with "-manage_phosting true -allow_insecure_sites false" locks the SSL options in customer level, customer cannot disable the SSL by themselves. I found this problem did not exist in Plesk 17.8 .

STEPS TO REPRODUCE

plesk bin service_plan -c "Plan_A" -manage_phosting true -allow_insecure_sites false
plesk bin customer --create test-a.com -name test-a.com -passwd "abc1234@XYZ"
plesk bin subscription --create test-a.com -owner test-a.com -service-plan "Plan_A" -login test-a -passwd "abc1234@XYZ" -ip 1.2.3.4

plesk bin service_plan -c "Plan_B" -manage_phosting true -allow_insecure_sites true
plesk bin customer --create test-b.com -name test-b.com -passwd "abc1234@XYZ"
plesk bin subscription --create test-b.com -owner test-b.com -service-plan "Plan_B" -login test-b -passwd "abc1234@XYZ" -ip 1.2.3.4

ACTUAL RESULT

Login as customer "test-a.com" > Hosting Settings > SSL/TLS support & SEO redirect are locked





Login as customer "test-b.com" > Hosting Settings > SSL/TLS support & SEO redirect are NOT locked



EXPECTED RESULT

SSL/TLS support and SEO redirect are not locked






ANY ADDITIONAL INFORMATION

According to Plesk doc, allow_insecure_sites is for web hosting scripting, which should not affects SSL.

"Allows or prohibits overriding server-wide security policy on web hosting scripting options, if the policy is set up."
service_plan: Hosting Plans

YOUR EXPECTATIONS FROM PLESK SERVICE TEAM

Confirm bug

 

[IgorG]

Thank you for the report. The issue was confirmed and submitted as PPPM-12160