-
Notifications
You must be signed in to change notification settings - Fork 149
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
XrdHttpExtReq should expose protocol used #619
Comments
Hi Brian,
uhm, can't you check the DN ?
f
…On 12.11.17 10:38, Brian Bockelman wrote:
In my external handler, I want to refuse certain actions unless they
were done via HTTPS.
However, there's no way to determine whether the current request came in
via HTTP or HTTPS. Can we add this as a field to the request?
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#619>, or mute the thread
<https://github.com/notifications/unsubscribe-auth/AD7Yjm5I6nwPsFo_u-CrAActXyRWu4Urks5s1rypgaJpZM4Qa0X3>.
------------------------------------------------------------------------
Use REPLY-ALL to reply to list
To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1
|
It's not a safe assumption that any DN is present, especially as we start to transition away from client certificates... |
Ok. Would it be fine for you to use SecEntity.prot and check for "http" or "https" into it ? Please be aware that one can always use the self-redirection https->http |
Yes, filling in I'm doing this to avoid:
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
In my external handler, I want to refuse certain actions unless they were done via HTTPS.
However, there's no way to determine whether the current request came in via HTTP or HTTPS. Can we add this as a field to the request?
The text was updated successfully, but these errors were encountered: