[ic] RFC: New AlwaysSecureGlob directive
Stefan Hornburg (Racke)
racke at linuxia.de
Sun Mar 26 13:16:52 UTC 2017
On 03/26/2017 12:56 AM, Jon Jensen wrote:
> Before I push it to the main repository I'd like to solicit any feedback you all may have on a new catalog directive
> "AlwaysSecureGlob", which is the same as AlwaysSecure but allows shell-style glob wildcards * and ? to be used, and
> requires comma-separation as other similar directives do (such as RobotUA).
> The AlwaysSecure directive requires an exact match of the page name and it's not possible to enumerate all the admin
> URLs or ActionMaps that should be generated secure-only, so this new directive makes that possible with wildcard matching.
> The commit:
Yes, fair enough.
I agree with Peter that websites nowadays should use https:// only as far as it goes.
But that isn't always possible, e.g. Amazon MWS requires product http:// for images.
Of course rewriting of these links could also happen at web server level. It would be
a tad more efficient there, as well.
Ecommerce and Linux consulting + Perl and web application programming.
Debian and Sympa administration.
More information about the interchange-users