feat(editor): Block the frontend when trying to access n8n from another host over http (#8906)

packages/editor-ui/src/stores/__tests__/posthog.test.ts

@@ -7,6 +7,7 @@ import { useTelemetryStore } from '@/stores/telemetry.store';
 import type { IN8nUISettings } from 'n8n-workflow';
 import { LOCAL_STORAGE_EXPERIMENT_OVERRIDES } from '@/constants';
 import { nextTick } from 'vue';
+import { defaultSettings } from '../../__tests__/defaults';
 
 const DEFAULT_POSTHOG_SETTINGS: IN8nUISettings['posthog'] = {
 	enabled: true,
@@ -21,6 +22,7 @@ const CURRENT_INSTANCE_ID = '456';
 
 function setSettings(overrides?: Partial<IN8nUISettings>) {
 	useSettingsStore().setSettings({
+		...defaultSettings,
 		posthog: DEFAULT_POSTHOG_SETTINGS,
 		instanceId: CURRENT_INSTANCE_ID,
 		...overrides,

packages/editor-ui/src/stores/settings.store.ts

@@ -9,7 +9,12 @@ import {
 import { getPromptsData, getSettings, submitContactInfo, submitValueSurvey } from '@/api/settings';
 import { testHealthEndpoint } from '@/api/templates';
 import type { EnterpriseEditionFeature } from '@/constants';
-import { CONTACT_PROMPT_MODAL_KEY, STORES, VALUE_SURVEY_MODAL_KEY } from '@/constants';
+import {
+	CONTACT_PROMPT_MODAL_KEY,
+	STORES,
+	VALUE_SURVEY_MODAL_KEY,
+	INSECURE_CONNECTION_WARNING,
+} from '@/constants';
 import type {
 	ILdapConfig,
 	IN8nPromptResponse,
@@ -248,6 +253,15 @@ export const useSettingsStore = defineStore(STORES.SETTINGS, {
 				useRootStore().setVersionCli(settings.versionCli);
 			}
 
+			if (
+				settings.authCookie.secure &&
+				location.protocol === 'http:' &&
+				!['localhost', '127.0.0.1'].includes(location.hostname)
+			) {
+				document.write(INSECURE_CONNECTION_WARNING);
+				return;
+			}
+
 			const isV1BannerDismissedPermanently = (settings.banners?.dismissed || []).includes('V1');
 			if (!isV1BannerDismissedPermanently && useRootStore().versionCli.startsWith('1.')) {
 				useUIStore().pushBannerToStack('V1');