[ic] AlwaysSecure ExtraSecure issue
Paul Jordan
paul at gishnetwork.com
Fri May 3 16:18:11 UTC 2013
It appears that Interchange doesn't actually intercept requests for pages in
AlwaysSecure and tells Apache to deliver them under https. I think this is
not news. ExtraSecure, I believe, is suppose to treat a http:// requested
page listed in AlwaysSecure as a missing page - it just refuses to
acknowledge the pages existence.
That's cool. However, it appears that if you remove the '.html' and append a
'/' to a page in AlwaysSecure, Interchange will deliver the page via http
anyway...
AlwaysSecure login foo bar
ExtraSecure 1
http://www.server.com/login/
In my experience, this will deliver login.html over http only. I had to add
'login/' to AlwaysSecure to get the treatment back. I stumbled upon this in
trying to figure out how to force a page being requested externally, is
delivered in https.
Paul
More information about the interchange-users
mailing list