[ic] RFC: New AlwaysSecureGlob directive

Peter peter at pajamian.dhs.org
Sun Mar 26 01:22:09 UTC 2017

On 26/03/17 13:38, Jon Jensen wrote:
> But for many legacy sites it's still going to be years before we can do
> that due to numerous dependencies on the plain HTTP URLs.

This depends largely on sites dependence on hard-coded URLs.  If sites
(even legacy ones) stick the use of the [area] tag and other mechanisms
that check VendURL then the transition is relatively easy.

That said, I'm not opposed to adding this directive, I think it's a good
idea and don't see any particular issues with the functionality itself.
I just think that if someone is going to use it it may very well be a
good time to re-think your approach and consider a change to full https


More information about the interchange-users mailing list