[horde] full url
Chris Petersen
lists at forevermore.net
Mon Mar 17 19:03:44 PST 2003
> The only way to "force" it is via your web server configuration.
guess I just don't know how to force it to forward all non-ssl
connections to ssl.
> That doesn't force ssl. It simply means that full urls will be written
> as https: urls.
what's the point of this if nothing is ever written as a full URL?
Sounds like a waste of code if it's never used.
> Maybe. But the only way to actually inforce this is at the web server
> level. You can't enforce it in the code.
what do you mean "can't"? I do this all the time in my code:
if not ssl then redirect to ssl url...
piece of cake.
> Note that it says right there it only applies to full URLs.
> How we generate full urls. Never says anything about relative urls.
one would think that this should be rewritten so that if use_ssl is
enabled, and the user is viewing a non-ssl page, the program should
detect that and create a full URL that links to the ssl page. An extra
"if" or two isn't going to slow down execution that much, and would make
use_ssl a heck of a lot more meaningful.
-Chris
More information about the horde
mailing list