Console Service::call() service calls don't handle HTTPS sites well #2181

Closed
mapkyca opened this Issue Sep 22, 2018 · 1 comment

mapkyca (Member) commented Sep 22, 2018

While trying to do this:

Make "loopback" service calls to https sites

I encountered this error:

Console services derive domain from KNOWN_DOMAIN or similar, and to construct a callable url for web service calls this automatically gets called as http:// which is not always correct.

This is (functionally) fine for GET, but POST calls will fail.

@mapkyca mapkyca changed the title Console Service::call() service calls don't handle HTTPS Console Service::call() service calls don't handle HTTPS sites well Sep 24, 2018

mapkyca added a commit to mapkyca/idno that referenced this issue Sep 28, 2018

Adding HSTS support to Webservice
HTTP Strict Security Policy is a method by which a web server can instruct a client to address any future requests to a secure endpoint to always use the secure endpoint.

Previously, if a Known webservice call was addressed at http://example.com but was forwarded to https://example.com, future requests would also follow the Location headers. 

Now, if HSTS headers are set on https://example.com, and are found to be valid, any future request to http://example.com will automatically be rewritten to call the secure endpoint.

Refs idno#2181
@mapkyca

mapkyca (Member, Author) commented Oct 13, 2018

Actually, you can use config->url for this. Probably less of an issue, especially with the HSTS support added recently...

@mapkyca mapkyca closed this Oct 13, 2018
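
The client-side behaviour the commit message above describes, sketched as an added example that is not taken from the Known code base or from the referenced commit. It assumes the RFC 6797 client rules for what counts as a valid policy (header received over HTTPS, numeric `max-age`); `HstsStore` and its methods are hypothetical names, and the rewrite drops any userinfo and fragment from the URL.

```php
<?php
// Added illustration; HstsStore is hypothetical, not Known's API. Needs PHP 8.
final class HstsStore
{
    private array $policies = []; // host => ['expires' => int, 'subdomains' => bool]

    // Record a Strict-Transport-Security header received on a response from $url.
    public function observe(string $url, string $header, int $now): void
    {
        $p = parse_url($url);
        // Honour the header only over HTTPS, and only with a numeric max-age.
        if (!is_array($p) || strtolower($p['scheme'] ?? '') !== 'https' || empty($p['host'])
            || !preg_match('/(?:^|;)\s*max-age\s*=\s*"?(\d+)"?\s*(?:;|$)/i', $header, $m)) {
            return;
        }
        $host = strtolower($p['host']);
        $sub = preg_match('/(?:^|;)\s*includeSubDomains\s*(?:;|$)/i', $header) === 1;
        // max-age=0 stores an entry that is already expired, which forgets the host.
        $this->policies[$host] = ['expires' => $now + (int) $m[1], 'subdomains' => $sub];
    }

    // Upgrade an http:// URL when an unexpired policy covers its host.
    public function rewrite(string $url, int $now): string
    {
        $p = parse_url($url);
        if (!is_array($p) || strtolower($p['scheme'] ?? '') !== 'http' || empty($p['host'])) {
            return $url;
        }
        $host = strtolower($p['host']);
        foreach ($this->policies as $known => $policy) {
            $covers = $host === $known || ($policy['subdomains'] && str_ends_with($host, '.' . $known));
            if ($covers && $policy['expires'] > $now) {
                // An explicit port 80 becomes the https default; other ports are kept.
                $port = isset($p['port']) && $p['port'] !== 80 ? ':' . $p['port'] : '';
                $query = isset($p['query']) ? '?' . $p['query'] : '';
                return 'https://' . $host . $port . ($p['path'] ?? '/') . $query;
            }
        }
        return $url;
    }
}

// Constructed demonstration values (timestamp, hosts and paths are made up).
$store = new HstsStore();
$t = 1538000000;
$url = 'http://api.example.com:80/service?x=1';
$store->observe('http://example.com/', 'max-age=31536000; includeSubDomains', $t); // seen over plain HTTP
echo $store->rewrite($url, $t), PHP_EOL;
$store->observe('https://example.com/', 'max-age=31536000; includeSubDomains', $t); // seen over HTTPS
echo $store->rewrite($url, $t + 60), PHP_EOL;
echo $store->rewrite($url, $t + 31536001), PHP_EOL; // after max-age has elapsed
```

Because a policy is only learned from an HTTPS response, the first request to a host still goes out over whatever scheme the caller built, so constructing the URL with the correct scheme remains the primary fix.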
