When not setting an endpoint protocol scheme at login, "http" was assumed. Changing this to the same protocol as current one, to avoid mixed blocked content. Also prevent multiple submissions of LoginForm.