[ic] RFC: New AlwaysSecureGlob directive

Peter peter at pajamian.dhs.org
Sun Mar 26 01:22:09 UTC 2017


On 26/03/17 13:38, Jon Jensen wrote:
> But for many legacy sites it's still going to be years before we can do
> that due to numerous dependencies on the plain HTTP URLs.

This depends largely on sites' dependence on hard-coded URLs.  If sites
(even legacy ones) stick to the use of the [area] tag and other mechanisms
that check VendURL then the transition is relatively easy.

That said, I'm not opposed to adding this directive; I think it's a good
idea and don't see any particular issues with the functionality itself.
I just think that if someone is going to use it, it may very well be a
good time to re-think your approach and consider a change to full https
instead.


Peter


