Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Console Service::call() service calls don't handle HTTPS sites well #2181

Closed
mapkyca opened this issue Sep 22, 2018 · 1 comment
Closed

Console Service::call() service calls don't handle HTTPS sites well #2181

mapkyca opened this issue Sep 22, 2018 · 1 comment

Comments

@mapkyca
Copy link
Member

mapkyca commented Sep 22, 2018

While trying to do this:

Make "loopback" service calls to https sites

I encountered this error:

Console services derive domain from KNOWN_DOMAIN or similar, and to construct a callable url for web service calls this automatically gets called as http:// which is not always correct.

This is (functionally) fine for GET, but POST calls will fail.
@mapkyca mapkyca mentioned this issue Sep 22, 2018
Merged
@mapkyca mapkyca changed the title Console Service::call() service calls don't handle HTTPS Console Service::call() service calls don't handle HTTPS sites well Sep 24, 2018
mapkyca added a commit to mapkyca/idno that referenced this issue Sep 28, 2018
@mapkyca
Adding HSTS support to Webservice
e6d4196 
HTTP Strict Security Policy is a method by which a web server can instruct a client to address any future requests to a secure endpoint to always use the secure endpoint.

Previously, if a Known webservice call was addressed at http://example.com but was forwarded to https://example.com, future requests would also follow the Location headers. 

Now, if HSTS headers are set on https://example.com, and are found to be valid, any future request to http://example.com will automatically be rewritten to call the secure endpoint.

Refs idno#2181
@mapkyca mapkyca mentioned this issue Sep 28, 2018
Merged
@mapkyca
Copy link
Member Author

mapkyca commented Oct 13, 2018

Actually, you can use config->url for this. Probably less of an issue, especially with the HSTS support added recently...

@mapkyca mapkyca closed this as completed Oct 13, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@mapkyca