Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Loading…

SSL: stay on ssl when request is ssl #434

Closed
mworrell opened this Issue · 2 comments

2 participants

@mworrell
Owner

A new option: when we are handling a request via ssl, then keep all redirects etc under ssl.

The default is now to switch to non-ssl when ssl is not explicitly set.

@mworrell mworrell was assigned
@kaos
Owner

I assume this is to avoid mixing insecure and secure data on the same page. +1 :)

@mworrell
Owner

Also to make it easier to keep your session cookie secure. Maybe a side effect could be to set the 'secure' flag on the session cookie.

Maybe we should call it 'ssl_secure_session' and keep everything (and the session cookie) in SSL unless explicitly stated otherwise in the dispatch rule.

@mworrell mworrell closed this issue from a commit
@mworrell mworrell mod_ssl: Added mod_ssl, enables ssl certs per site. Removed ssl from …
…the core. Tuned dispatch rules for more secure usage. Fixes #434. Fixes #433.
54e60f6
@mworrell mworrell closed this in 54e60f6
@mawuli mawuli referenced this issue from a commit in mawuli/zotonic
@mworrell mworrell mod_ssl: Added mod_ssl, enables ssl certs per site. Removed ssl from …
…the core. Tuned dispatch rules for more secure usage. Fixes #434. Fixes #433.
6d3d719
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.