[BUG] Strange App Behavior When Sending HTTP traffic to HTTPS

[hunllef]

Description of the Bug

Mistyped my server's URL when setting up the Stump iOS app; caused some interesting behavior where the app would infinitely spam request authentications.

Expected Behavior

The app works when actually inputting the correct URL, but I figured it probably shouldn't freak out like this if HTTPS is typo'd to HTTP.
Maybe a max auth attempt limit, reminder to check URL, etc?

To Reproduce

Steps to reproduce the behavior:

1. Set up a new Stump instance in the iOS app
2. Select "basic auth" and input your user/pass
3. Input the HTTPS server's url as HTTP instead
4. Behold!

Screenshots

spamauth.mov

Environment:

• OS: iOS 26.1 / Ubuntu Server 24.04
• Device: iPhone 16 Pro

Build Details:

• Version: experimental
• Docker: yes

[aaronleopold]

The app works when actually inputting the correct URL, but I figured it probably shouldn't freak out like this if HTTPS is typo'd to HTTP

Haha yeah it definitely shouldn't

Thank you for the thorough bug report! This is probably an easy one to fix, so I'll try to squeeze it in one of the next couple of builds.

Edit: Actually I'm curious, does your instance have some network config that rejects HTTP and if so what is the response? I am unable to replicate this locally, so it might be a specific response that triggers it

[hunllef]

Ah, right, I do!
I have "Force SSL" enabled in Node Proxy Manager.
Disabling that allows the connection as expected.

Though, I'm no longer able to reliably reproduce this on build 89.
Usually, just a singular login prompt appears.

I've only seen it happen once on this latest build out of ~100 tries.

edit: Managed to replicate it, along with some weird flashing.

8mb.video-xVx-LrZBtBQV.mp4

With enforce SSL disabled, I was previously able to connect over HTTP. Can't anymore, dunno what that's about, might be my setup.

[hunllef]

Logs from around that timestamp, same error repeated:

…more above…

  2026-01-22T06:31:55.292644Z ERROR stump_server::errors: API error response, error: APIErrorResponse { status: 401, message: "Unauthorized" }
    at apps/server/src/errors.rs:326
    in stump_server::middleware::auth::auth_middleware

  2026-01-22T06:31:55.292822Z ERROR stump_server::errors: API error response, error: APIErrorResponse { status: 401, message: "Unauthorized" }
    at apps/server/src/errors.rs:326
    in stump_server::middleware::auth::auth_middleware

  2026-01-22T06:31:55.835402Z ERROR stump_server::errors: API error response, error: APIErrorResponse { status: 401, message: "Unauthorized" }
    at apps/server/src/errors.rs:326
    in stump_server::middleware::auth::auth_middleware

  2026-01-22T06:31:56.545408Z ERROR stump_server::errors: API error response, error: APIErrorResponse { status: 401, message: "Unauthorized" }
    at apps/server/src/errors.rs:326
    in stump_server::middleware::auth::auth_middleware

  2026-01-22T06:31:57.485920Z ERROR stump_server::errors: API error response, error: APIErrorResponse { status: 401, message: "Unauthorized" }
    at apps/server/src/errors.rs:326
    in stump_server::middleware::auth::auth_middleware

…more below…