[ic] ExtraSecure and special_pages/violation

Jon Jensen jon at endpoint.com
Fri Dec 18 22:08:08 UTC 2009

On Thu, 17 Dec 2009, Thomas J.M. Burton wrote:

> Upon further evaluation, it seems that the most appropriate solution to
> this would be to revise lib/Vend/Page.pm and change the way that
> AlwaysSecure pages are handled when ExtraSecure is enabled.
> Specifically, that would be lines 105-109:
>         if($Vend::Cfg->{ExtraSecure} and
>                 $Vend::Cfg->{AlwaysSecure}->{$name}
>                 and !$CGI::secure) {
>                 $name = find_special_page('violation');
>         }
> Rather than sending users to the violation page in that situation, 
> shouldn't it be redirecting the requested URL via https? Unless there's 
> a reason for sending those requests to the violation page, that would 
> seem like the most efficient solution. Otherwise, the checks performed 
> in Page.pm would need to be repeated in the violation page, which seems 
> redundant and inefficient.
> If changing Page.pm would be the appropriate solution, I'm not sure of 
> the most efficient way to do so.

Good points.

See the code for BounceReferrals in Vend::Dispatch for an example of how 
to redirect.

Let me know if you get stuck on the coding.



Jon Jensen
End Point Corporation

More information about the interchange-users mailing list