You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Console services derive domain from KNOWN_DOMAIN or similar, and to construct a callable url for web service calls this automatically gets called as http:// which is not always correct.
This is (functionally) fine for GET, but POST calls will fail.
The text was updated successfully, but these errors were encountered:
mapkyca
changed the title
Console Service::call() service calls don't handle HTTPS
Console Service::call() service calls don't handle HTTPS sites well
Sep 24, 2018
mapkyca
added a commit
to mapkyca/idno
that referenced
this issue
Sep 28, 2018
HTTP Strict Security Policy is a method by which a web server can instruct a client to address any future requests to a secure endpoint to always use the secure endpoint.
Previously, if a Known webservice call was addressed at http://example.com but was forwarded to https://example.com, future requests would also follow the Location headers.
Now, if HSTS headers are set on https://example.com, and are found to be valid, any future request to http://example.com will automatically be rewritten to call the secure endpoint.
Refs idno#2181
While trying to do this:
Make "loopback" service calls to https sites
I encountered this error:
Console services derive domain from KNOWN_DOMAIN or similar, and to construct a callable url for web service calls this automatically gets called as http:// which is not always correct.
This is (functionally) fine for GET, but POST calls will fail.
The text was updated successfully, but these errors were encountered: