Changes between Version 1 and Version 5 of Ticket #28359


Ignore:
Timestamp:
Jul 5, 2017, 7:19:45 AM (7 years ago)
Author:
Tim Graham
Comment:

I'm not sure if using SecurityMiddelware to do canonical URL redirection (not a security-related thing, really) is a proper separation of concerns.

Also, doesn't the patch have the possibility to be backwards incompatible? Currently with SECURE_SSL_HOST set, I think it's possible to directly access different secure subdomains. I believe this proposal prohibits that as all secure requests will be redirected to SECURE_SSL_HOST.

Legend:

Unmodified
Added
Removed
Modified

  • Ticket #28359

    • Property Has patch set
    • Property Owner changed from nobody to Irindu Indeera
    • Property Status newassigned

  • Ticket #28359 – Description

    v1 v5  
    3030
    3131It seems to me that setting `SECURE_SSL_REDIRECT` and `SECURE_SSL_HOST` should also handle the case where 1. a request already uses a secure connection but 2. the host does not equal `SECURE_SSL_HOST`.
    32 
    33 (Categorized as new feature because that's more fun.)
Back to Top