Page 1 of 1
[2.0] optional "force ssl" in config
Posted: Wed Jul 31, 2013 1:33 pm
by bernd_d
I think it could be nice to have an option within core-settings like
force ssl
If checkbox is selected and config is saved, following lines need to be included within .htaccess
Code: Select all
RewriteCond %{SERVER_PORT} !^443$
RewriteRule (.*) https://%{HTTP_HOST}/$1 [R=301,L]
Re: [2.0] optional "force ssl" in config
Posted: Wed Jul 31, 2013 1:46 pm
by garvinhicking
Hi!
Problem with this, what with people who have no mod_rewrite or are using IIS, or whatever, this would require a depending option check, so that it's only available if urlrewriting=mod_rewrite. So it's sadly not as straight-forward as it might sound, but it would be a nice thing to have.
Regards,
Garvin
Re: [2.0] optional "force ssl" in config
Posted: Wed Jul 31, 2013 1:55 pm
by bernd_d
It's just a suggestion
Don't know how, for example Piwik, does it. There i only have to set an value within config-file and php/script/whatever redirects without modify something in htaccess.
Re: [2.0] optional "force ssl" in config
Posted: Wed Jul 31, 2013 2:04 pm
by garvinhicking
Hi!
I think we should better add a PHP check for this, then also people without mod_rewrite could get it,something like:
Code: Select all
if (serendipity_db_bool($serendipity['use_ssl']) && $_SERVER['HTTPS'] != 'on') {
header('Location: https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
}
Regards,
Garvin