Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Better support for https #283

Closed
wants to merge 2 commits into from
Closed

Better support for https #283

wants to merge 2 commits into from

Conversation

SimonSimCity
Copy link
Contributor

I took a couple of minutes to add a first approach for better SSL support.

One issue I found: If you have a webserver and do not require a scheme, you can actually (according to sf2) use both, but the documentation here requires http. I don't know how I could then probably handle it, if the route requires http and does not allow https.

Therefore you currently cannot test routes, allowing https and http, using a secured connection. Feel free to change that ...

Should fix #266

stof
stof reviewed Nov 22, 2013
View reviewed changes
Resources/views/method.html.twig
<h4>Parameters</h4>
{% for name, infos in data.parameters %}
{% if not infos.readonly %}
{% if app.request.secure != data.https %}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

what if the route does not define a scheme requirement, and so can be used for both HTTP and HTTPS ?
It is quite uncommon to have a route forcing you to use HTTP only

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It doesn't work if you haven't set the Access-Control-Allow-Origin header.

You just see a response - or maybe not - depending on the browser you use.

Chrome shows 

0 error
as response headers and Firefox shows 
0 [Exception... ""  nsresult: "0x805e0006 ()"  location: "JS frame :: https://domain.local/docs#get--latest :: .send :: line 592"  data: no]

I anyways can't really differ between routes forced to http, or routes, where both (secure and unsecure connections) are allowed. Therefore I'd rather keep it like that.

@SimonSimCity
Copy link
Contributor Author

Is there a chance, this can get merged soon? :)

@willdurand
Copy link
Collaborator

@SimonSimCity please squash your commits, and rebase your PR.

@SimonSimCity SimonSimCity mentioned this pull request Dec 18, 2013
Closed
willdurand added a commit that referenced this pull request Dec 28, 2013
@willdurand
Merge PR #299 from SimonSimCity/https-fixes
6038fe8 
Fix #266
Close #283
Close #299
@tonivdv tonivdv mentioned this pull request Mar 11, 2014
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Better support for https
3 participants
@SimonSimCity @willdurand @stof