Permalink
Browse files

Add new AlwaysSecureGlob directive

It's not possible to enumerate all the admin URLs or ActionMaps that should be
generated secure-only, so this new directive allows matching.
  • Loading branch information...
1 parent fdaad55 commit b498ab78fabd77784f216e7f1dc050e5da5e52a9 @jonjensen jonjensen committed Mar 25, 2017
Showing with 16 additions and 5 deletions.
  1. +6 −0 dist/strap/catalog.cfg
  2. +3 −2 lib/Vend/Config.pm
  3. +7 −3 lib/Vend/Util.pm
View
@@ -364,6 +364,12 @@ AlwaysSecure <<EOD
query/order_detail
EOD
+AlwaysSecureGlob <<EOD
+ admin*,
+ cert*,
+ ui*,
+EOD
+
## Set this if you have a different secure server
#AlwaysSecure order ord/basket process
View
@@ -1,6 +1,6 @@
# Vend::Config - Configure Interchange
#
-# Copyright (C) 2002-2016 Interchange Development Group
+# Copyright (C) 2002-2017 Interchange Development Group
# Copyright (C) 1996-2002 Red Hat, Inc.
#
# This program was originally based on Vend 0.2 and 0.3
@@ -54,7 +54,7 @@ use Vend::Data;
use Vend::Cron;
use Vend::CharSet ();
-$VERSION = '2.248';
+$VERSION = '2.249';
my %CDname;
my %CPname;
@@ -649,6 +649,7 @@ sub catalog_directives {
['OptionsAttribute', undef, ''],
['Options', 'locale', ''],
['AlwaysSecure', 'boolean', ''],
+ ['AlwaysSecureGlob', 'list_wildcard_full', ''],
['Password', undef, ''],
['AdminSub', 'boolean', ''],
['ExtraSecure', 'yesno', 'No'],
View
@@ -1,6 +1,6 @@
# Vend::Util - Interchange utility functions
#
-# Copyright (C) 2002-2016 Interchange Development Group
+# Copyright (C) 2002-2017 Interchange Development Group
# Copyright (C) 1996-2002 Red Hat, Inc.
#
# This program was originally based on Vend 0.2 and 0.3
@@ -102,7 +102,7 @@ use Vend::Safe;
use Vend::File;
use subs qw(logError logGlobal);
use vars qw($VERSION @EXPORT @EXPORT_OK);
-$VERSION = '2.128';
+$VERSION = '2.129';
my $Eval_routine;
my $Eval_routine_file;
@@ -1382,7 +1382,11 @@ sub vendUrl {
$opt->{secure} = $CGI::secure;
}
- if($opt->{secure} or exists $Vend::Cfg->{AlwaysSecure}{$path}) {
+ my $asg = $Vend::Cfg->{AlwaysSecureGlob};
+ if ($opt->{secure}
+ or exists $Vend::Cfg->{AlwaysSecure}{$path}
+ or ($asg and $path =~ $asg)
+ ) {
$r = $Vend::Cfg->{SecureURL};
}

0 comments on commit b498ab7

Please sign in to comment.