[ic] RFC: New AlwaysSecureGlob directive

Stefan Hornburg (Racke) racke at linuxia.de
Sun Mar 26 13:16:52 UTC 2017

On 03/26/2017 12:56 AM, Jon Jensen wrote:
> Interchangers,
> Before I push it to the main repository I'd like to solicit any feedback you all may have on a new catalog directive
> "AlwaysSecureGlob", which is the same as AlwaysSecure but allows shell-style glob wildcards * and ? to be used, and
> requires comma-separation as other similar directives do (such as RobotUA).
> The AlwaysSecure directive requires an exact match of the page name and it's not possible to enumerate all the admin
> URLs or ActionMaps that should be generated secure-only, so this new directive makes that possible with wildcard matching.
> The commit:
> https://github.com/jonjensen/interchange/commit/b498ab78fabd77784f216e7f1dc050e5da5e52a9
> Thanks,
> Jon

Yes, fair enough.

I agree with Peter that websites nowadays should use https:// only as far as it goes.
But that isn't always possible, e.g. Amazon MWS requires product http:// for images.

Of course rewriting of these links could also happen at web server level. It would be
a tad more efficient there, as well.


Ecommerce and Linux consulting + Perl and web application programming.
Debian and Sympa administration.

More information about the interchange-users mailing list